From 6aaddbbe50a752d1f387332008e9a3d57de6f457 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Tue, 29 Jul 2014 20:29:41 -0400
Subject: [PATCH 01/12] VRFS-1478 allow multiple session invites to same user

---
 db/manifest                                   |  3 +-
 db/up/drop_session_invite_constraint.sql      |  1 +
 web/app/assets/javascripts/inviteMusicians.js | 39 +++++++++----------
 .../views/clients/_inviteMusicians.html.erb   |  2 +-
 4 files changed, 23 insertions(+), 22 deletions(-)
 create mode 100644 db/up/drop_session_invite_constraint.sql

diff --git a/db/manifest b/db/manifest
index e23c3243d..0d099803a 100755
--- a/db/manifest
+++ b/db/manifest
@@ -197,4 +197,5 @@ update_sms_index.sql
 connection_allow_null_locidispid.sql
 track_user_in_scores.sql
 median_aggregate.sql
-current_scores_use_median.sql
\ No newline at end of file
+current_scores_use_median.sql
+drop_session_invite_constraint.sql
\ No newline at end of file
diff --git a/db/up/drop_session_invite_constraint.sql b/db/up/drop_session_invite_constraint.sql
new file mode 100644
index 000000000..a49ea7878
--- /dev/null
+++ b/db/up/drop_session_invite_constraint.sql
@@ -0,0 +1 @@
+ALTER TABLE invitations DROP CONSTRAINT invitations_uniqkey;
\ No newline at end of file
diff --git a/web/app/assets/javascripts/inviteMusicians.js b/web/app/assets/javascripts/inviteMusicians.js
index 60d60b067..09950376c 100644
--- a/web/app/assets/javascripts/inviteMusicians.js
+++ b/web/app/assets/javascripts/inviteMusicians.js
@@ -45,10 +45,12 @@
 
             if (0 == $(elemSelector + ' .friendbox').length) {
                 _appendFriendSelector($(elemSelector));
-                $('#btn-save-invites').click(function() {
-                    createInvitations(updateSessionID);
-                });
             }
+
+            $('#btn-save-invites').click(function() {
+              createInvitations(updateSessionID);
+            });
+
             $.ajax({
                 url: "/api/invitations",
                 data: { session_id:  sessionId, sender: context.JK.currentUserId }
@@ -126,8 +128,7 @@
                 var imgStyle = _inviteExists(data) ? 'display:none' : '';
                 var invitationHtml = context.JK.fillTemplate(template, 
                                                              {userId: data, 
-                                                              userName: value,
-                                                              imageStyle: imgStyle});
+                                                              userName: value});
                 $('.selected-friends').append(invitationHtml);
                 $(friendInput).select();
                 invitedFriends.push(data);
@@ -162,22 +163,20 @@
 
         function createInvitations(sessionId, onComplete) {
             var callCount = 0;
-            var totalInvitations = invitedFriends.length - existingInvites.length;
+            var totalInvitations = invitedFriends.length;
             invitedFriends.map(function(invite_id) {
-                if (!_inviteExists(invite_id)) { 
-                    callCount++;
-                    var invite = {
-                        music_session: sessionId,
-                        receiver: invite_id
-                    };
-                    $.ajax({
-                        type: "POST",
-                        url: "/api/invitations",
-                        data: invite
-                    }).done(function(response) {
-                        callCount--;
-                    }).fail(app.ajaxError);
-                }
+              callCount++;
+              var invite = {
+                  music_session: sessionId,
+                  receiver: invite_id
+              };
+              $.ajax({
+                  type: "POST",
+                  url: "/api/invitations",
+                  data: invite
+              }).done(function(response) {
+                  callCount--;
+              }).fail(app.ajaxError);
             });
             // TODO - this is the second time I've used this pattern.
             // refactor to make a common utility for this.
diff --git a/web/app/views/clients/_inviteMusicians.html.erb b/web/app/views/clients/_inviteMusicians.html.erb
index a5b7df44a..24bdba3bf 100644
--- a/web/app/views/clients/_inviteMusicians.html.erb
+++ b/web/app/views/clients/_inviteMusicians.html.erb
@@ -31,6 +31,6 @@
 <!-- Added Invitation Template -->
 <script type="text/template" id="template-added-invitation">
     <div user-id="{userId}" class="invitation">{userName} 
-        <a><%= image_tag "shared/icon_delete_sm.png", :size => "13x13", :style => "{imageStyle}" %></a>
+        <a><%= image_tag "shared/icon_delete_sm.png", :size => "13x13" %></a>
     </div>
 </script>

From d40b29a947f176fb653d460ef69799b4a6322868 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Thu, 7 Aug 2014 00:50:10 -0400
Subject: [PATCH 02/12] VRFS-1971 escape HTML before saving / unescape before
 rendering

---
 web/Gemfile                                          | 1 +
 web/app/assets/javascripts/dialog/commentDialog.js   | 2 +-
 web/app/assets/javascripts/web/session_info.js       | 2 +-
 web/app/assets/javascripts/web/sessions.js           | 2 +-
 web/app/controllers/api_controller.rb                | 1 +
 web/app/controllers/api_music_sessions_controller.rb | 4 ++--
 web/app/controllers/api_recordings_controller.rb     | 2 +-
 7 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/web/Gemfile b/web/Gemfile
index 288fe86b4..64aa3c08c 100644
--- a/web/Gemfile
+++ b/web/Gemfile
@@ -77,6 +77,7 @@ gem 'rest_client'
 gem 'iso-639'
 gem 'language_list'
 gem 'rubyzip'
+gem 'htmlentities'
 
 group :development, :test do
   gem 'rspec-rails', '2.14.2'
diff --git a/web/app/assets/javascripts/dialog/commentDialog.js b/web/app/assets/javascripts/dialog/commentDialog.js
index 794ee141b..958d6ec27 100644
--- a/web/app/assets/javascripts/dialog/commentDialog.js
+++ b/web/app/assets/javascripts/dialog/commentDialog.js
@@ -71,7 +71,7 @@
         user_id: userId,
         hoverAction: musician ? "musician" : "fan",
         name: userName,
-        comment: comment,
+        comment: context._.unescape(comment),
         timeago: timeago
       };
 
diff --git a/web/app/assets/javascripts/web/session_info.js b/web/app/assets/javascripts/web/session_info.js
index d95684437..2d76b7d80 100644
--- a/web/app/assets/javascripts/web/session_info.js
+++ b/web/app/assets/javascripts/web/session_info.js
@@ -39,7 +39,7 @@
         user_id: userId,
         hoverAction: "musician",
         name: userName,
-        comment: comment,
+        comment: context._.unescape(comment),
         timeago: timeago
       });
 
diff --git a/web/app/assets/javascripts/web/sessions.js b/web/app/assets/javascripts/web/sessions.js
index 4686f34dc..e6727fb91 100644
--- a/web/app/assets/javascripts/web/sessions.js
+++ b/web/app/assets/javascripts/web/sessions.js
@@ -39,7 +39,7 @@
         user_id: userId,
         hoverAction: musician ? "musician" : "fan",
         name: userName,
-        comment: comment,
+        comment: context._.unescape(comment),
         timeago: timeago
       });
 
diff --git a/web/app/controllers/api_controller.rb b/web/app/controllers/api_controller.rb
index 85d425c82..b27e41e9b 100644
--- a/web/app/controllers/api_controller.rb
+++ b/web/app/controllers/api_controller.rb
@@ -1,6 +1,7 @@
 class ApiController < ApplicationController
 
   @@log = Logging.logger[ApiController]
+  @@html_encoder = HTMLEntities.new
 
   # define common error handlers
   rescue_from 'JamRuby::StateError' do |exception|
diff --git a/web/app/controllers/api_music_sessions_controller.rb b/web/app/controllers/api_music_sessions_controller.rb
index eae4ec2fb..f3f460b50 100644
--- a/web/app/controllers/api_music_sessions_controller.rb
+++ b/web/app/controllers/api_music_sessions_controller.rb
@@ -469,7 +469,7 @@ class ApiMusicSessionsController < ApiController
     comment = MusicSessionComment.new
     comment.music_session_id = params[:id]
     comment.creator_id = params[:user_id]
-    comment.comment = params[:comment]
+    comment.comment = @@html_encoder.encode(params[:comment])
     comment.ip_address = request.remote_ip
     comment.save
 
@@ -496,7 +496,7 @@ class ApiMusicSessionsController < ApiController
     comment = SessionInfoComment.new
     comment.music_session_id = params[:id]
     comment.creator_id = current_user.id
-    comment.comment = params[:comment]
+    comment.comment = @@html_encoder.encode(params[:comment])
     comment.save
 
     if comment.errors.any?
diff --git a/web/app/controllers/api_recordings_controller.rb b/web/app/controllers/api_recordings_controller.rb
index 75e3ea6f4..66c5625f9 100644
--- a/web/app/controllers/api_recordings_controller.rb
+++ b/web/app/controllers/api_recordings_controller.rb
@@ -108,7 +108,7 @@ class ApiRecordingsController < ApiController
     comment = RecordingComment.new
     comment.recording_id = params[:id]
     comment.creator_id = params[:user_id]
-    comment.comment = params[:comment]
+    comment.comment = @@html_encoder.encode(params[:comment])
     comment.ip_address = request.remote_ip
     comment.save
 

From f97a416867a2bc43ebd329ff8a6ebb197c30c15e Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Fri, 8 Aug 2014 02:22:32 -0400
Subject: [PATCH 03/12] VRFS-1891 VRFS-2011 cancel RSVP flow / show proficiency
 in RSVP dialog

---
 ruby/lib/jam_ruby/models/rsvp_request.rb              | 4 ++--
 web/app/assets/javascripts/dialog/rsvpSubmitDialog.js | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/ruby/lib/jam_ruby/models/rsvp_request.rb b/ruby/lib/jam_ruby/models/rsvp_request.rb
index 3558df969..b0359c1fb 100644
--- a/ruby/lib/jam_ruby/models/rsvp_request.rb
+++ b/ruby/lib/jam_ruby/models/rsvp_request.rb
@@ -98,11 +98,11 @@ module JamRuby
           end
 
           # verify user has not already submitted RSVP request for this slot
-          user_slot = RsvpRequest.joins(:rsvp_requests_rsvp_slots)
+          rsvp = RsvpRequest.joins(:rsvp_requests_rsvp_slots)
             .where(:user_id => user.id)
             .where(rsvp_requests_rsvp_slots: {rsvp_slot_id: id})
 
-          if !user_slot.blank?
+          if !rsvp.blank? && !rsvp.canceled
             raise StateError, "You have already submitted an RSVP request for this slot."
           end
 
diff --git a/web/app/assets/javascripts/dialog/rsvpSubmitDialog.js b/web/app/assets/javascripts/dialog/rsvpSubmitDialog.js
index 895927135..be8bf3afa 100644
--- a/web/app/assets/javascripts/dialog/rsvpSubmitDialog.js
+++ b/web/app/assets/javascripts/dialog/rsvpSubmitDialog.js
@@ -40,8 +40,7 @@
               $.each(response.open_slots, function(index, val) {
                 var instrument = val.instrument_id;
 
-                var instrumentTitleCase = context.JK.toTitleCase(instrument);
-                $('.rsvp-instruments', $dialog).append('<input type="checkbox" value="' + val.id + '"/>' + instrumentTitleCase + "<br/>");
+                $('.rsvp-instruments', $dialog).append('<input type="checkbox" value="' + val.id + '"/>' + val.description + " (" + val.proficiency_desc + ")<br/>");
               });
             }
           }

From cc26969f8a6033fee9bc238eb9cd6763ecfe652b Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Sat, 9 Aug 2014 23:22:17 -0400
Subject: [PATCH 04/12] VRFS-1891 cancel RSVP flow fix

---
 ruby/lib/jam_ruby/models/rsvp_request.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ruby/lib/jam_ruby/models/rsvp_request.rb b/ruby/lib/jam_ruby/models/rsvp_request.rb
index b0359c1fb..025e5f0f1 100644
--- a/ruby/lib/jam_ruby/models/rsvp_request.rb
+++ b/ruby/lib/jam_ruby/models/rsvp_request.rb
@@ -100,9 +100,10 @@ module JamRuby
           # verify user has not already submitted RSVP request for this slot
           rsvp = RsvpRequest.joins(:rsvp_requests_rsvp_slots)
             .where(:user_id => user.id)
+            .where(:canceled => false)
             .where(rsvp_requests_rsvp_slots: {rsvp_slot_id: id})
 
-          if !rsvp.blank? && !rsvp.canceled
+          if !rsvp.blank?
             raise StateError, "You have already submitted an RSVP request for this slot."
           end
 

From 5483078f82e4f9a053212f76240e233b62b126cd Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Mon, 11 Aug 2014 21:02:42 -0400
Subject: [PATCH 05/12] VRFS-2026 fix instrument wrapping of instrument icon in
 some cases on Find Session screen

---
 web/app/views/clients/_findSession.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/app/views/clients/_findSession.html.erb b/web/app/views/clients/_findSession.html.erb
index d37595e00..1fa5cb07e 100644
--- a/web/app/views/clients/_findSession.html.erb
+++ b/web/app/views/clients/_findSession.html.erb
@@ -220,7 +220,7 @@
         <img src="{avatar_url}" />
       </a>
     </td>
-    <td width="100%">
+    <td>
       <a user-id="{userId}" hoveraction="musician" href="{profile_url}">{musician_name}</a>
     </td>
     <td>

From dece2afc1b44156db2467a2012081d1096d5b055 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Tue, 12 Aug 2014 00:24:57 -0400
Subject: [PATCH 06/12] VRFS-1478 fix bugs

---
 ruby/lib/jam_ruby/models/music_session.rb      |  2 +-
 web/app/assets/javascripts/inviteMusicians.js  | 18 ++++++++----------
 .../controllers/api_invitations_controller.rb  |  8 ++++----
 3 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/ruby/lib/jam_ruby/models/music_session.rb b/ruby/lib/jam_ruby/models/music_session.rb
index 35a5a7892..0f50f0aeb 100644
--- a/ruby/lib/jam_ruby/models/music_session.rb
+++ b/ruby/lib/jam_ruby/models/music_session.rb
@@ -524,7 +524,7 @@ module JamRuby
 
     # retrieve users that have invitations but have not submitted an RSVP request for this session
     def pending_invitations
-      User.find_by_sql(%Q{select u.id, u.email, u.photo_url, u.first_name, u.last_name
+      User.find_by_sql(%Q{select distinct u.id, u.email, u.photo_url, u.first_name, u.last_name
                               from users u
                               inner join invitations i on u.id = i.receiver_id
                               left join rsvp_requests rr on rr.user_id = i.receiver_id
diff --git a/web/app/assets/javascripts/inviteMusicians.js b/web/app/assets/javascripts/inviteMusicians.js
index 09950376c..d7f6b933c 100644
--- a/web/app/assets/javascripts/inviteMusicians.js
+++ b/web/app/assets/javascripts/inviteMusicians.js
@@ -41,14 +41,17 @@
             friendSelectorDialog.setCallback(friendSelectorCallback);
 
             inviteAction = 'update';
-            friendInput = '#friend-input-'+inviteAction;
+            friendInput = '#friend-input-' + inviteAction;
 
             if (0 == $(elemSelector + ' .friendbox').length) {
                 _appendFriendSelector($(elemSelector));
             }
 
+            $('#btn-save-invites').unbind('click');
+
             $('#btn-save-invites').click(function() {
               createInvitations(updateSessionID);
+              app.layout.closeDialog('select-invites');
             });
 
             $.ajax({
@@ -114,10 +117,6 @@
             }
         }
 
-        function _inviteExists(userID) {
-            return 0 <= existingInvites.indexOf(userID);
-        }
-
         function addInvitation(value, data) {
             if (undefined === data) {
                 data = value.data;
@@ -125,7 +124,6 @@
             }
             if (0 > invitedFriends.indexOf(data)) {
                 var template = $('#template-added-invitation').html();
-                var imgStyle = _inviteExists(data) ? 'display:none' : '';
                 var invitationHtml = context.JK.fillTemplate(template, 
                                                              {userId: data, 
                                                               userName: value});
@@ -220,16 +218,16 @@
         function _friendSelectorHTML() {
             var fInput = friendInput ? friendInput.substring(1,friendInput.length) : '';
             return context.JK.fillTemplate($('#template-session-invite-musicians').html(),
-                                           {choose_friends_id: 'btn-choose-friends-'+inviteAction,
-                                            selected_friends_id: 'selected-friends-'+inviteAction,
+                                           {choose_friends_id: 'btn-choose-friends-' + inviteAction,
+                                            selected_friends_id: 'selected-friends-' + inviteAction,
                                             friend_input: fInput,
                                             instructions: addInstructions}); 
         }
 
         function _appendFriendSelector(elemSelector) {
             elemSelector.append(_friendSelectorHTML());
-            $('#selected-friends-'+inviteAction).on("click", ".invitation a", removeInvitation);
-            $('#btn-choose-friends-'+inviteAction).click(function(){
+            $('#selected-friends-' + inviteAction).on("click", ".invitation a", removeInvitation);
+            $('#btn-choose-friends-' + inviteAction).click(function(){
                 var obj = {};
                 invitedFriends.map(function(uid) { obj[uid] = true; });
                 friendSelectorDialog.showDialog(obj);
diff --git a/web/app/controllers/api_invitations_controller.rb b/web/app/controllers/api_invitations_controller.rb
index 58a3965e6..b1c91ddb5 100644
--- a/web/app/controllers/api_invitations_controller.rb
+++ b/web/app/controllers/api_invitations_controller.rb
@@ -15,19 +15,19 @@ class ApiInvitationsController < ApiController
         raise PermissionError, "You can only ask for your own sent invitations"
       end
       if session_id = params[:session_id]
-        @invitations = Invitation.where(:sender_id => sender_id, :music_session_id => session_id)
+        @invitations = Invitation.where(:sender_id => sender_id, :music_session_id => session_id).uniq_by { |i| i.receiver_id }
       else
-        @invitations = Invitation.where(:sender_id => current_user.id)
+        @invitations = Invitation.where(:sender_id => current_user.id).uniq_by { |i| i.receiver_id }
       end
     elsif !receiver_id.nil?
       if current_user.id != receiver_id
         raise PermissionError, "You can only ask for your own received invitations"
       end
 
-      @invitations = Invitation.where(:receiver_id => current_user.id)
+      @invitations = Invitation.where(:receiver_id => current_user.id).uniq_by { |i| i.receiver_id }
     else
       # default to invitations you've received
-      @invitations = Invitation.where(:receiver_id => current_user.id)
+      @invitations = Invitation.where(:receiver_id => current_user.id).uniq_by { |i| i.receiver_id }
     end
   end
 

From 257e14ef5ddce7f79777650ff439d53937ec4458 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Tue, 12 Aug 2014 00:46:05 -0400
Subject: [PATCH 07/12] VRFS-1478 fix text

---
 web/spec/requests/invitations_api_spec.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/web/spec/requests/invitations_api_spec.rb b/web/spec/requests/invitations_api_spec.rb
index 68d751341..47475f373 100644
--- a/web/spec/requests/invitations_api_spec.rb
+++ b/web/spec/requests/invitations_api_spec.rb
@@ -106,9 +106,7 @@ describe "Invitation API ", :type => :api do
       invitation = FactoryGirl.create(:invitation, :sender => user, :receiver => other_user, :music_session => music_session.music_session)
 
       post '/api/invitations.json', {:music_session => music_session.id, :receiver => other_user.id}.to_json, "CONTENT_TYPE" => 'application/json'
-      last_response.status.should eql(409)
-      response = JSON.parse(last_response.body)
-      response["errors"]["resource"][0].should == "resource already exists"
+      last_response.status.should eql(201)
 
     end
 

From da12798d193ddf618ae6f2af059453b23d5d5e8a Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Tue, 12 Aug 2014 01:37:11 -0400
Subject: [PATCH 08/12] VRFS-1562 avatar within musician/band hover bubble
 should link to profile

---
 web/app/views/clients/_hoverBand.html.erb     | 2 +-
 web/app/views/clients/_hoverMusician.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/app/views/clients/_hoverBand.html.erb b/web/app/views/clients/_hoverBand.html.erb
index 491199b31..3bc440c21 100644
--- a/web/app/views/clients/_hoverBand.html.erb
+++ b/web/app/views/clients/_hoverBand.html.erb
@@ -52,7 +52,7 @@
 
 <script type="text/template" id="template-hover-band">
   <div class="bubble-inner">
-    <a href="#" class="avatar_large left mr20"><img src="{avatar_url}" /></a>
+    <a href="{profile_url}" class="avatar_large left mr20"><img src="{avatar_url}" /></a>
     <div class="left">
       <h3>{name}</h3>
       <small>{location}<br /><strong>{genres}</strong></small><br />
diff --git a/web/app/views/clients/_hoverMusician.html.erb b/web/app/views/clients/_hoverMusician.html.erb
index 253e7dceb..818ea56a4 100644
--- a/web/app/views/clients/_hoverMusician.html.erb
+++ b/web/app/views/clients/_hoverMusician.html.erb
@@ -190,7 +190,7 @@
 
 <script type="text/template" id="template-hover-musician">
   <div class="bubble-inner">
-    <a href="#" class="avatar_large left mr20"><img src="{avatar_url}" /></a>
+    <a href="{profile_url}" class="avatar_large left mr20"><img src="{avatar_url}" /></a>
     <div class="left ib">
       <h3>{name}</h3>
       <small>{location}</small><br /><br />

From e8847280bc863ebd17eb8cfaa30ed5dc71bd2de9 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Tue, 12 Aug 2014 02:20:25 -0400
Subject: [PATCH 09/12] VRFS-1995 do not send notifications to users with
 canceled RSVPs

---
 ruby/lib/jam_ruby/models/notification.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ruby/lib/jam_ruby/models/notification.rb b/ruby/lib/jam_ruby/models/notification.rb
index e21e358c8..5f7f1aa40 100644
--- a/ruby/lib/jam_ruby/models/notification.rb
+++ b/ruby/lib/jam_ruby/models/notification.rb
@@ -762,7 +762,7 @@ module JamRuby
         return if music_session.nil?
         
         rsvp_requests = RsvpRequest.index(music_session)
-        target_users = rsvp_requests.map { |r| r.user }
+        target_users = rsvp_requests.where(:canceled => false).map { |r| r.user }
 
         # remove the creator from the array
         target_users = target_users.uniq - [music_session.creator]
@@ -804,7 +804,7 @@ module JamRuby
         return if music_session.nil?
 
         rsvp_requests = RsvpRequest.index(music_session)
-        target_users = rsvp_requests.map { |r| r.user }
+        target_users = rsvp_requests.where(:canceled => false).map { |r| r.user }
         pending_invites = music_session.pending_invitations
 
         # remove the creator from the array
@@ -847,7 +847,7 @@ module JamRuby
         return if music_session.nil?
 
         rsvp_requests = RsvpRequest.index(music_session)
-        target_users = rsvp_requests.map { |r| r.user }
+        target_users = rsvp_requests.where(:canceled => false).map { |r| r.user }
 
         # remove the creator from the array
         target_users = target_users.uniq - [music_session.creator]
@@ -889,7 +889,7 @@ module JamRuby
         return if music_session.nil? || creator.nil? || comment.blank?
 
         rsvp_requests = RsvpRequest.index(music_session)
-        target_users = rsvp_requests.map { |r| r.user }
+        target_users = rsvp_requests.where(:canceled => false).map { |r| r.user }
         target_users = target_users.concat([music_session.creator])
         pending_invites = music_session.pending_invitations
 

From 5691e6092f8bc6db2a58d8d0e0d3f531ef39e8e2 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Thu, 14 Aug 2014 01:45:37 -0400
Subject: [PATCH 10/12] VRFS-2022 show private sessions/recordings in the feed

---
 ruby/lib/jam_ruby/models/feed.rb              | 28 ++++-----------
 ruby/lib/jam_ruby/models/notification.rb      |  4 +--
 ruby/lib/jam_ruby/models/rsvp_request.rb      |  2 +-
 ruby/spec/jam_ruby/models/feed_spec.rb        | 20 +++++------
 web/app/controllers/api_feeds_controller.rb   | 16 ++++-----
 web/app/helpers/feeds_helper.rb               | 36 +++++++++++++++----
 web/app/views/api_feeds/show.rabl             | 11 +++---
 .../views/users/_feed_music_session.html.haml |  4 ++-
 .../users/_feed_music_session_ajax.html.haml  |  2 ++
 web/app/views/users/_feed_recording.html.haml |  4 +--
 10 files changed, 71 insertions(+), 56 deletions(-)

diff --git a/ruby/lib/jam_ruby/models/feed.rb b/ruby/lib/jam_ruby/models/feed.rb
index 6ac48f792..cd68b8bd4 100644
--- a/ruby/lib/jam_ruby/models/feed.rb
+++ b/ruby/lib/jam_ruby/models/feed.rb
@@ -1,4 +1,3 @@
-
 module JamRuby
   class Feed < ActiveRecord::Base
 
@@ -73,15 +72,10 @@ module JamRuby
       end
 
 
-        if target_user
+      if target_user
 
-        if target_user != user.id
-          require_public_recordings = "claimed_recordings.is_public = TRUE AND"
-          require_public_sessions = "music_sessions.fan_access = TRUE AND"
-        end
-
-        query = query.joins("LEFT OUTER JOIN claimed_recordings ON recordings.id = claimed_recordings.recording_id AND claimed_recordings.discarded = FALSE AND #{require_public_recordings} (claimed_recordings.user_id = '#{target_user}' OR (recordings.band_id IN (SELECT band_id FROM bands_musicians where user_id='#{target_user}')))")
-        query = query.joins("LEFT OUTER JOIN music_sessions_user_history ON music_sessions.id = music_sessions_user_history.music_session_id AND #{require_public_sessions} music_sessions_user_history.user_id = '#{target_user}'")
+        query = query.joins("LEFT OUTER JOIN claimed_recordings ON recordings.id = claimed_recordings.recording_id AND claimed_recordings.discarded = FALSE AND (claimed_recordings.user_id = '#{target_user}' OR (recordings.band_id IN (SELECT band_id FROM bands_musicians where user_id='#{target_user}')))")
+        query = query.joins("LEFT OUTER JOIN music_sessions_user_history ON music_sessions.id = music_sessions_user_history.music_session_id AND music_sessions_user_history.user_id = '#{target_user}'")
         query = query.group("feeds.id, feeds.recording_id, feeds.music_session_id, feeds.created_at, feeds.updated_at, recordings.id, music_sessions.id")
         if sort == 'plays'
           query = query.group("COALESCE(recordings.play_count, music_sessions.play_count)")
@@ -93,13 +87,8 @@ module JamRuby
 
       elsif target_band
 
-        unless Band.find(target_band).users.include?(user)
-          require_public_recordings = "claimed_recordings.is_public = TRUE AND"
-          require_public_sessions = "music_sessions.fan_access = TRUE AND"
-        end
-
-        query = query.joins("LEFT OUTER JOIN claimed_recordings ON recordings.id = claimed_recordings.recording_id AND claimed_recordings.discarded = FALSE AND #{require_public_recordings} recordings.band_id = '#{target_band}'")
-        query = query.where("music_sessions IS NULL OR #{require_public_sessions} music_sessions.band_id = '#{target_band}'")
+        query = query.joins("LEFT OUTER JOIN claimed_recordings ON recordings.id = claimed_recordings.recording_id AND claimed_recordings.discarded = FALSE AND recordings.band_id = '#{target_band}'")
+        query = query.where("music_sessions IS NULL OR music_sessions.band_id = '#{target_band}'")
         query = query.group("feeds.id, feeds.recording_id, feeds.music_session_id, feeds.created_at, feeds.updated_at, recordings.id, music_sessions.id")
         if sort == 'plays'
           query = query.group("COALESCE(recordings.play_count, music_sessions.play_count)")
@@ -109,8 +98,8 @@ module JamRuby
         query = query.where('recordings.id is NULL OR claimed_recordings.id IS NOT NULL')
         #query = query.where('music_sessions.id is NULL OR music_sessions_user_history.id IS NOT NULL')
       else
-        query = query.joins('LEFT OUTER JOIN claimed_recordings ON recordings.id = claimed_recordings.recording_id AND claimed_recordings.discarded = FALSE AND claimed_recordings.is_public = TRUE')
-        query = query.joins("LEFT OUTER JOIN music_sessions_user_history ON music_sessions.id = music_sessions_user_history.music_session_id AND music_sessions.fan_access = TRUE")
+        query = query.joins('LEFT OUTER JOIN claimed_recordings ON recordings.id = claimed_recordings.recording_id AND claimed_recordings.discarded = FALSE')
+        query = query.joins("LEFT OUTER JOIN music_sessions_user_history ON music_sessions.id = music_sessions_user_history.music_session_id")
         query = query.group("feeds.id, feeds.recording_id, feeds.music_session_id, feeds.created_at, feeds.updated_at, recordings.id, music_sessions.id")
         if sort == 'plays'
           query = query.group("COALESCE(recordings.play_count, music_sessions.play_count)")
@@ -121,9 +110,6 @@ module JamRuby
         query = query.where('music_sessions.id is NULL OR music_sessions_user_history.id IS NOT NULL')
       end
 
-
-
-
       if params[:hash]
         if query.length == 0
           { query:query, next: nil}
diff --git a/ruby/lib/jam_ruby/models/notification.rb b/ruby/lib/jam_ruby/models/notification.rb
index 5f7f1aa40..0993ab157 100644
--- a/ruby/lib/jam_ruby/models/notification.rb
+++ b/ruby/lib/jam_ruby/models/notification.rb
@@ -884,12 +884,12 @@ module JamRuby
         end
       end
 
-      def send_scheduled_session_comment(music_session, creator, comment)
+      def send_scheduled_session_comment(music_session, creator, comment, send_to_cancelled = false)
 
         return if music_session.nil? || creator.nil? || comment.blank?
 
         rsvp_requests = RsvpRequest.index(music_session)
-        target_users = rsvp_requests.where(:canceled => false).map { |r| r.user }
+        target_users = send_to_cancelled ? rsvp_requests.map { |r| r.user } : rsvp_requests.where(:canceled => false).map { |r| r.user }
         target_users = target_users.concat([music_session.creator])
         pending_invites = music_session.pending_invitations
 
diff --git a/ruby/lib/jam_ruby/models/rsvp_request.rb b/ruby/lib/jam_ruby/models/rsvp_request.rb
index 025e5f0f1..9e534f584 100644
--- a/ruby/lib/jam_ruby/models/rsvp_request.rb
+++ b/ruby/lib/jam_ruby/models/rsvp_request.rb
@@ -265,7 +265,7 @@ module JamRuby
           session_info_comment.user = user
           session_info_comment.comment = params[:message]
           session_info_comment.save
-          Notification.send_scheduled_session_comment(music_session, user, params[:message])
+          Notification.send_scheduled_session_comment(music_session, user, params[:message], true)
         end
       end
     end
diff --git a/ruby/spec/jam_ruby/models/feed_spec.rb b/ruby/spec/jam_ruby/models/feed_spec.rb
index 54ec1955e..dc790f13c 100644
--- a/ruby/spec/jam_ruby/models/feed_spec.rb
+++ b/ruby/spec/jam_ruby/models/feed_spec.rb
@@ -255,7 +255,7 @@ describe Feed do
   end
 
   describe "public feed" do
-    it "only public" do
+    it "public and private" do
       claimed_recording1 = FactoryGirl.create(:claimed_recording)
       claimed_recording1.is_public = false
       claimed_recording1.save!
@@ -267,7 +267,7 @@ describe Feed do
       claimed_recording1.recording.music_session.music_session.save!
 
       feeds, start = Feed.index(claimed_recording1.user)
-      feeds.length.should == 0
+      feeds.length.should == 1
     end
   end
 
@@ -302,7 +302,7 @@ describe Feed do
       feeds[0].music_session.should == music_session.music_session
     end
 
-    it "shows private sessions to you, not to others" do
+    it "shows private sessions to you and to others" do
       user1.bands << band
       user1.save!
       music_session = FactoryGirl.create(:active_music_session, band: band, fan_access: false)
@@ -315,7 +315,7 @@ describe Feed do
 
 
       feeds, start = Feed.index(user2, band: band.id)
-      feeds.length.should == 0
+      feeds.length.should == 1
     end
 
     it "shows public recordings to you and to others" do
@@ -334,7 +334,7 @@ describe Feed do
       feeds[0].recording.should == claimed_recording1.recording
     end
 
-    it "shows private recordings to you, not to others" do
+    it "shows private recordings to you and to others" do
       claimed_recording1 = FactoryGirl.create(:claimed_recording)
       claimed_recording1.is_public = false
       claimed_recording1.recording.band = band
@@ -349,7 +349,7 @@ describe Feed do
       feeds[0].recording.should == claimed_recording1.recording
 
       feeds, start = Feed.index(user1, band: band.id)
-      feeds.length.should == 0
+      feeds.length.should == 1
     end
   end
 
@@ -380,7 +380,7 @@ describe Feed do
     end
 
 
-    it "shows private sessions to you, not to others" do
+    it "shows private sessions to you and to others" do
       music_session = FactoryGirl.create(:active_music_session, fan_access: false)
       music_session.music_session.fan_access.should be_false
       FactoryGirl.create(:music_session_user_history, :history => music_session.music_session, :user => user1)
@@ -392,7 +392,7 @@ describe Feed do
 
 
       feeds, start = Feed.index(user2, user: user1.id)
-      feeds.length.should == 0
+      feeds.length.should == 1
     end
 
     it "shows public recordings to you and to others" do
@@ -409,7 +409,7 @@ describe Feed do
       feeds[0].recording.should == claimed_recording1.recording
     end
 
-    it "shows private recordings to you, not to others" do
+    it "shows private recordings to you and to others" do
       claimed_recording1 = FactoryGirl.create(:claimed_recording)
       claimed_recording1.is_public = false
       claimed_recording1.save!
@@ -419,7 +419,7 @@ describe Feed do
       feeds[0].recording.should == claimed_recording1.recording
 
       feeds, start = Feed.index(user1, user: claimed_recording1.user.id)
-      feeds.length.should == 0
+      feeds.length.should == 1
     end
 
     it "shows band recordings to you even though you did not claim a recording" do
diff --git a/web/app/controllers/api_feeds_controller.rb b/web/app/controllers/api_feeds_controller.rb
index 693fbe73e..b2e2c08cd 100644
--- a/web/app/controllers/api_feeds_controller.rb
+++ b/web/app/controllers/api_feeds_controller.rb
@@ -4,14 +4,14 @@ class ApiFeedsController < ApiController
 
   def index
     data = Feed.index(current_user,
-                               start: params[:since],
-                               limit: params[:limit],
-                               sort: params[:sort],
-                               time_range: params[:time_range],
-                               type: params[:type],
-                               user: params[:user],
-                               band: params[:band],
-                               hash: true)
+                       start: params[:since],
+                       limit: params[:limit],
+                       sort: params[:sort],
+                       time_range: params[:time_range],
+                       type: params[:type],
+                       user: params[:user],
+                       band: params[:band],
+                       hash: true)
 
 
     @feeds = data[:query]
diff --git a/web/app/helpers/feeds_helper.rb b/web/app/helpers/feeds_helper.rb
index 1f9f135b6..50664cf89 100644
--- a/web/app/helpers/feeds_helper.rb
+++ b/web/app/helpers/feeds_helper.rb
@@ -1,4 +1,6 @@
 module FeedsHelper
+  PRIVATE_TEXT = "Private"
+
   def session_artist_name(music_session)
     (music_session.band.nil? ? nil : music_session.band.name) || music_session.creator.name
   end
@@ -47,8 +49,20 @@ module FeedsHelper
     end
   end
 
-  def session_description(music_session)
-    music_session.description
+  def session_name(music_session, user)
+    if music_session.fan_access || ( (user && user.id == music_session.creator.id) || (music_session.band && music_session.band.users.include?(user)) )
+      music_session.name
+    else
+      PRIVATE_TEXT
+    end
+  end
+
+  def session_description(music_session, user)
+    if music_session.fan_access || ( (user && user.id == music_session.creator.id) || (music_session.band && music_session.band.users.include?(user)) )
+      music_session.description
+    else
+      PRIVATE_TEXT
+    end
   end
 
   # grabs 1st genre
@@ -80,12 +94,22 @@ module FeedsHelper
     duration(recording.duration, options)
   end
 
-  def recording_name(recording)
-    recording.candidate_claimed_recording.name
+  def recording_name(recording, user)
+    r = recording.candidate_claimed_recording
+    if r.is_public || (user && user.id == r.user.id)
+      r.name
+    else
+      PRIVATE_TEXT
+    end
   end
 
-  def recording_description(recording)
-    recording.candidate_claimed_recording.description
+  def recording_description(recording, user)
+    r = recording.candidate_claimed_recording
+    if r.is_public || (user && user.id == r.user.id)
+      r.description
+    else
+      PRIVATE_TEXT
+    end
   end
 
   def recording_genre(recording)
diff --git a/web/app/views/api_feeds/show.rabl b/web/app/views/api_feeds/show.rabl
index e502fcbf7..fc877a6ec 100644
--- a/web/app/views/api_feeds/show.rabl
+++ b/web/app/views/api_feeds/show.rabl
@@ -7,7 +7,7 @@ glue :music_session do
     'music_session'
   end
 
-  attributes :id, :description, :genres, :created_at, :session_removed_at, :comment_count, :like_count, :play_count, :fan_access, :is_over?, :has_mount?
+  attributes :id, :genres, :created_at, :session_removed_at, :comment_count, :like_count, :play_count, :fan_access, :is_over?, :has_mount?
 
   node do |history|
   {
@@ -18,7 +18,8 @@ glue :music_session do
       artist_datakey: session_artist_datakey(history),
       artist_hoveraction: session_artist_hoveraction(history),
       utc_created_at: history.created_at.getutc.iso8601,
-      description: session_description(history),
+      name: session_name(history, current_user),
+      description: session_description(history, current_user),
       status: session_text(history),
       duration: session_duration_value(history),
       duration_secs: history.created_at.to_i,
@@ -88,8 +89,8 @@ glue :recording do
         artist_hoveraction: recording_artist_hoveraction(recording),
         artist_datakey: recording_artist_datakey(recording),
         utc_created_at: recording.created_at.getutc.iso8601,
-        name: recording_name(recording),
-        description: recording_description(recording),
+        name: recording_name(recording, current_user),
+        description: recording_description(recording, current_user),
         genre: recording_genre(recording)
       }
     }
@@ -140,7 +141,7 @@ glue :recording do
 
   child(:claimed_recordings => :claimed_recordings) {
 
-    attributes :id, :name, :description, :is_public, :genre_id, :has_mix?, :user_id
+    attributes :id, :is_public, :genre_id, :has_mix?, :user_id
 
     child(:user => :creator) {
       attributes :id, :first_name, :last_name, :photo_url
diff --git a/web/app/views/users/_feed_music_session.html.haml b/web/app/views/users/_feed_music_session.html.haml
index d7dda270b..33be9304f 100644
--- a/web/app/views/users/_feed_music_session.html.haml
+++ b/web/app/views/users/_feed_music_session.html.haml
@@ -11,8 +11,10 @@
     = timeago(feed_item.created_at, class: 'small created_at')
   / name and description
   .left.ml20.w30
+    .name.dotdotdot
+      = session_name(feed_item, current_user)
     .description.dotdotdot
-      = session_description(feed_item)
+      = session_description(feed_item, current_user)
   / timeline and controls
   .right.w40
     / recording play controls
diff --git a/web/app/views/users/_feed_music_session_ajax.html.haml b/web/app/views/users/_feed_music_session_ajax.html.haml
index dddf4a630..44e9cff84 100644
--- a/web/app/views/users/_feed_music_session_ajax.html.haml
+++ b/web/app/views/users/_feed_music_session_ajax.html.haml
@@ -14,6 +14,8 @@
       %time.small.created_at.timeago{datetime: '{{data.feed_item.helpers.utc_created_at}}'}= '{{data.feed_item.created_at}}'
     / name and description
     .left.ml20.w30
+      .name.dotdotdot
+        %span.name-text {{data.feed_item.helpers.name}}
       .description.dotdotdot
         = '{{data.feed_item.helpers.description}}'
     / timeline and controls
diff --git a/web/app/views/users/_feed_recording.html.haml b/web/app/views/users/_feed_recording.html.haml
index 389175298..e81203183 100644
--- a/web/app/views/users/_feed_recording.html.haml
+++ b/web/app/views/users/_feed_recording.html.haml
@@ -15,9 +15,9 @@
   / name and description
   .name-and-description
     .name.dotdotdot
-      = recording_name(feed_item)
+      = recording_name(feed_item, current_user)
     .description.dotdotdot
-      = recording_description(feed_item)
+      = recording_description(feed_item, current_user)
   / timeline and controls
   .recording-controls-holder
     / recording play controls

From 4b93b232828ec063a999fe1dac4628ea2a30ffa3 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Thu, 14 Aug 2014 02:11:36 -0400
Subject: [PATCH 11/12] VRFS-2022 fix tests

---
 web/spec/controllers/api_feeds_controller_spec.rb | 4 ++--
 web/spec/features/welcome_spec.rb                 | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/spec/controllers/api_feeds_controller_spec.rb b/web/spec/controllers/api_feeds_controller_spec.rb
index e89a32f95..541366306 100644
--- a/web/spec/controllers/api_feeds_controller_spec.rb
+++ b/web/spec/controllers/api_feeds_controller_spec.rb
@@ -135,7 +135,7 @@ describe ApiFeedsController do
 
       get :index,  { user: music_session.creator.id }
       json = JSON.parse(response.body, :symbolize_names => true)
-      json[:entries].length.should == 0
+      json[:entries].length.should == 1
     end
   end
 
@@ -171,7 +171,7 @@ describe ApiFeedsController do
 
       get :index, { band: band.id }
       json = JSON.parse(response.body, :symbolize_names => true)
-      json[:entries].length.should == 0
+      json[:entries].length.should == 1
     end
   end
 end
diff --git a/web/spec/features/welcome_spec.rb b/web/spec/features/welcome_spec.rb
index 6207af5ae..78da6b97a 100644
--- a/web/spec/features/welcome_spec.rb
+++ b/web/spec/features/welcome_spec.rb
@@ -218,7 +218,7 @@ describe "Welcome", :js => true, :type => :feature, :capybara_feature => true  d
 
       visit "/"
       find('h1', text: 'Play music together over the Internet as if in the same room')
-      should_not have_selector('.feed-entry.music-session-history-entry')
+      should have_selector('.feed-entry.music-session-history-entry')
 
       # try to mess with the music session history by removing all user histories (which makes it a bit invalid)
       # but we really don't want the front page to ever crash if we can help it

From 25e3f23dcffa71e902c7cd74fc5b4285fa4855d5 Mon Sep 17 00:00:00 2001
From: Brian Smith <briansmith@jamkazam.com>
Date: Fri, 15 Aug 2014 00:32:45 -0400
Subject: [PATCH 12/12] VRFS-1891 VRFS-2022 bug fixes / test additions

---
 ruby/lib/jam_ruby/models/rsvp_request.rb      |  1 +
 web/app/assets/javascripts/jam_rest.js        |  6 +-
 web/app/assets/javascripts/sessionList.js     | 63 ++++++++++---------
 .../assets/javascripts/web/session_info.js    | 13 +++-
 web/app/helpers/feeds_helper.rb               |  8 +--
 web/app/views/clients/_findSession.html.erb   |  2 +-
 .../controllers/api_feeds_controller_spec.rb  | 12 ++++
 7 files changed, 63 insertions(+), 42 deletions(-)

diff --git a/ruby/lib/jam_ruby/models/rsvp_request.rb b/ruby/lib/jam_ruby/models/rsvp_request.rb
index 9e534f584..689aad72e 100644
--- a/ruby/lib/jam_ruby/models/rsvp_request.rb
+++ b/ruby/lib/jam_ruby/models/rsvp_request.rb
@@ -33,6 +33,7 @@ module JamRuby
                     rs.music_session_id = '#{music_session.id}'
                   }
                 )
+                .order('rsvp_requests.created_at DESC')
 
       if options[:status] == 'approved'
         query = query.where("rrrs.chosen = true AND canceled != TRUE")
diff --git a/web/app/assets/javascripts/jam_rest.js b/web/app/assets/javascripts/jam_rest.js
index 619ea3036..9d51abb2a 100644
--- a/web/app/assets/javascripts/jam_rest.js
+++ b/web/app/assets/javascripts/jam_rest.js
@@ -226,14 +226,10 @@
         }
 
         function cancelRsvpRequest(sessionId, rsvpRequestId, cancelAll) {
-          var cancel = "yes";
-          if (cancelAll) {
-            cancel = "all";
-          }
           return $.ajax({
             url: '/api/rsvp_requests/' + rsvpRequestId,
             type: "DELETE",
-            data : JSON.stringify({"session_id": sessionId, "cancelled": cancel}),
+            data : JSON.stringify({"session_id": sessionId, "cancelled": cancelAll}),
             dataType : 'json',
             contentType: 'application/json'
           });
diff --git a/web/app/assets/javascripts/sessionList.js b/web/app/assets/javascripts/sessionList.js
index 4321cc183..705ccafae 100644
--- a/web/app/assets/javascripts/sessionList.js
+++ b/web/app/assets/javascripts/sessionList.js
@@ -142,7 +142,7 @@
       var rsvpUsersHtml = '', openSlotsHtml = '', latencyHtml = '', notationFileHtml = '';
 
       context._.each(session.pending_rsvp_requests, function(pending_rsvp_request) {
-          if(pending_rsvp_request.user_id == context.JK.currentUserId) {
+          if(pending_rsvp_request.user_id === context.JK.currentUserId) {
             pendingRsvpId = pending_rsvp_request.id;
           }
       });
@@ -185,6 +185,29 @@
         }
       }
 
+      // notation files
+      if (session.music_notations) {
+        for (i=0; i < session.music_notations.length; i++) {
+          notationFileHtml += createNotationFile(session.music_notations[i]);
+        }
+      }
+
+      var sessionVals = buildSessionObject(session, notationFileHtml, rsvpUsersHtml, openSlotsHtml, latencyHtml);
+      sessionVals.scheduled_start = session.pretty_scheduled_start_with_timezone;
+
+      var row = context.JK.fillTemplate($inactiveSessionTemplate.html(), sessionVals);
+
+      // initial page load
+      if (!$rowToUpdate) {
+        $(tbGroup).append(row);
+      }
+      // inline update after an RSVP submission / cancellation
+      else {
+        $rowToUpdate.replaceWith(row);
+      }
+      
+      var $parentRow = $('tr[data-session-id=' + session.id + ']', tbGroup);
+
       var showRsvpLink = true;
       var noLinkText = '';
 
@@ -194,7 +217,10 @@
         noLinkText.find('a').click(function() {
           ui.launchRsvpCancelDialog(session.id, approvedRsvpId)
             .one(EVENTS.RSVP_CANCELED, function() {
-              // VRFS-1891
+              rest.getSessionHistory(session.id)
+                .done(function(response) {
+                  renderInactiveSession(response, tbGroup, $parentRow);
+                });
             })
             .one(EVENTS.DIALOG_CLOSED, function() {
               $(this).unbind(EVENTS.RSVP_CANCELED);
@@ -208,7 +234,10 @@
         noLinkText.find('a').click(function() {
           ui.launchRsvpCancelDialog(session.id, pendingRsvpId)
             .one(EVENTS.RSVP_CANCELED, function() {
-              // VRFS-1891
+              rest.getSessionHistory(session.id)
+                .done(function(response) {
+                  renderInactiveSession(response, tbGroup, $parentRow);
+                });
             })
             .one(EVENTS.DIALOG_CLOSED, function() {
               $(this).unbind(EVENTS.RSVP_CANCELED);
@@ -224,35 +253,10 @@
         showRsvpLink = false;
         noLinkText = '<span class="text">You need an invitation to RSVP to this session.</span>';
       }
-
-      // notation files
-      if (session.music_notations) {
-        for (i=0; i < session.music_notations.length; i++) {
-          notationFileHtml += createNotationFile(session.music_notations[i]);
-        }
-      }
-
-      var sessionVals = buildSessionObject(session, notationFileHtml, rsvpUsersHtml, openSlotsHtml, latencyHtml);
-      sessionVals.scheduled_start = session.pretty_scheduled_start_with_timezone;
-      sessionVals.rsvp_link_display_style = showRsvpLink ? "block" : "none";
-
-      var row = context.JK.fillTemplate($inactiveSessionTemplate.html(), sessionVals);
-
-      // initial page load
-      if (!$rowToUpdate) {
-        $(tbGroup).append(row);
-      }
-      // inline update after an RSVP submission / cancellation
-      else {
-        $rowToUpdate.replaceWith(row);
-      }
-      
-      var $parentRow = $('tr[data-session-id=' + session.id + ']', tbGroup);
       
       if (showRsvpLink) {
-        
         $('.rsvp-msg', $parentRow).hide();
-        var $parentRow = $('tr[data-session-id=' + session.id + ']', tbGroup);
+        $('.rsvp-link', $parentRow).show();
 
         $('.rsvp-link', $parentRow).click(function(evt) {
           ui.launchRsvpSubmitDialog(session.id)
@@ -270,6 +274,7 @@
       }
       else {
         $('.rsvp-msg', $parentRow).html(noLinkText).show();
+        $('.rsvp-link', $parentRow).hide();
       }
     }
 
diff --git a/web/app/assets/javascripts/web/session_info.js b/web/app/assets/javascripts/web/session_info.js
index 2d76b7d80..3886a6068 100644
--- a/web/app/assets/javascripts/web/session_info.js
+++ b/web/app/assets/javascripts/web/session_info.js
@@ -150,11 +150,18 @@
       rest.getRsvpRequests(musicSessionId)
         .done(function(rsvps) {
           if (rsvps && rsvps.length > 0) {
-            // should only be 1 RSVP for this session and user
+            // the first RSVP should be the most recent (users may have many RSVPs to same session if they cancel
+            // and resubmit); use its status to determine what CTA to present
             var rsvp = rsvps[0];
             if (rsvp.canceled) {
-              $('.call-to-action').html('Your RSVP request to this session has been cancelled.');
-              $btnAction.hide();
+              $('.call-to-action').html("Tell the session organizer you'd like to play in this session");
+              $btnAction.html('RSVP NOW!');
+              $btnAction.click(function(e) {
+                ui.launchRsvpSubmitDialog(musicSessionId)
+                  .one(EVENTS.RSVP_SUBMITTED, function() {
+                    location.reload();
+                  })
+              });
             }
             else {
               var declined = true;
diff --git a/web/app/helpers/feeds_helper.rb b/web/app/helpers/feeds_helper.rb
index 50664cf89..c77c382cd 100644
--- a/web/app/helpers/feeds_helper.rb
+++ b/web/app/helpers/feeds_helper.rb
@@ -50,7 +50,7 @@ module FeedsHelper
   end
 
   def session_name(music_session, user)
-    if music_session.fan_access || ( (user && user.id == music_session.creator.id) || (music_session.band && music_session.band.users.include?(user)) )
+    if music_session.fan_access || music_session.unique_users.include?(user)
       music_session.name
     else
       PRIVATE_TEXT
@@ -58,7 +58,7 @@ module FeedsHelper
   end
 
   def session_description(music_session, user)
-    if music_session.fan_access || ( (user && user.id == music_session.creator.id) || (music_session.band && music_session.band.users.include?(user)) )
+    if music_session.fan_access || music_session.unique_users.include?(user)
       music_session.description
     else
       PRIVATE_TEXT
@@ -96,7 +96,7 @@ module FeedsHelper
 
   def recording_name(recording, user)
     r = recording.candidate_claimed_recording
-    if r.is_public || (user && user.id == r.user.id)
+    if r.is_public || recording.users.include?(user)
       r.name
     else
       PRIVATE_TEXT
@@ -105,7 +105,7 @@ module FeedsHelper
 
   def recording_description(recording, user)
     r = recording.candidate_claimed_recording
-    if r.is_public || (user && user.id == r.user.id)
+    if r.is_public || recording.users.include?(user)
       r.description
     else
       PRIVATE_TEXT
diff --git a/web/app/views/clients/_findSession.html.erb b/web/app/views/clients/_findSession.html.erb
index 1fa5cb07e..5b642c0f2 100644
--- a/web/app/views/clients/_findSession.html.erb
+++ b/web/app/views/clients/_findSession.html.erb
@@ -202,7 +202,7 @@
     </td>
     <td class="noborder rsvp-section">
       <span class="rsvp-msg" style="display:none;">You cannot RSVP to this session.</span>
-      <a class="rsvp-link" style="display:{rsvp_link_display_style};">
+      <a class="rsvp-link">
         <%= image_tag "content/icon_join.png", :size => "19x22" %>
       </a>
     </td>
diff --git a/web/spec/controllers/api_feeds_controller_spec.rb b/web/spec/controllers/api_feeds_controller_spec.rb
index 541366306..e6b73e23f 100644
--- a/web/spec/controllers/api_feeds_controller_spec.rb
+++ b/web/spec/controllers/api_feeds_controller_spec.rb
@@ -124,6 +124,9 @@ describe ApiFeedsController do
       get :index, { user: music_session.creator.id }
       json = JSON.parse(response.body, :symbolize_names => true)
       json[:entries].length.should == 1
+
+      json[:entries][0][:helpers][:name].should == music_session.music_session.name
+      json[:entries][0][:helpers][:description].should == music_session.music_session.description
     end
 
     it "user viewing someone else's profile" do
@@ -136,6 +139,9 @@ describe ApiFeedsController do
       get :index,  { user: music_session.creator.id }
       json = JSON.parse(response.body, :symbolize_names => true)
       json[:entries].length.should == 1
+
+      json[:entries][0][:helpers][:name].should == "Private"
+      json[:entries][0][:helpers][:description].should == "Private"
     end
   end
 
@@ -155,6 +161,9 @@ describe ApiFeedsController do
       get :index, { band: band.id }
       json = JSON.parse(response.body, :symbolize_names => true)
       json[:entries].length.should == 1
+
+      json[:entries][0][:helpers][:name].should == claimed_recording1.name
+      json[:entries][0][:helpers][:description].should == claimed_recording1.description
     end
 
     it "user viewing someone else's band" do
@@ -172,6 +181,9 @@ describe ApiFeedsController do
       get :index, { band: band.id }
       json = JSON.parse(response.body, :symbolize_names => true)
       json[:entries].length.should == 1
+
+      json[:entries][0][:helpers][:name].should == "Private"
+      json[:entries][0][:helpers][:description].should == "Private"
     end
   end
 end