diff --git a/.config/.cypress.js b/.config/.cypress.js
index 5d8e10485..da8f635df 100644
--- a/.config/.cypress.js
+++ b/.config/.cypress.js
@@ -3,5 +3,35 @@ module.exports = {
     // Base URL is set via Docker environment variable
     viewportHeight: 1000,
     viewportWidth: 1400,
+
+    // https://docs.cypress.io/api/plugins/browser-launch-api#Changing-browser-preferences
+    setupNodeEvents(on, _config) {
+      on("before:browser:launch", (browser, launchOptions) => {
+        if (browser.family === "chromium" && browser.name !== "electron") {
+          // auto open devtools
+          launchOptions.args.push("--auto-open-devtools-for-tabs");
+
+          // TODO (clipboard): We use the obsolete clipboard API from browsers, i.e.
+          // document.execCommand("copy"). There's a new Clipboard API that is supported
+          // by modern browsers. Once we switch to that API, use the following code
+          // to allow requesting permission (clipboard permission) in a non-secure
+          // context (http). Remaining TODO in this case: search for the equivalent
+          // flag in Firefox & Electron (if we also want to test them).
+          // launchOptions.args.push("--unsafely-treat-insecure-origin-as-secure=http://mampf:3000");
+        }
+
+        if (browser.family === "firefox") {
+          // auto open devtools
+          launchOptions.args.push("-devtools");
+        }
+
+        if (browser.name === "electron") {
+          // auto open devtools
+          launchOptions.preferences.devTools = true;
+        }
+
+        return launchOptions;
+      });
+    },
   },
 };
diff --git a/.vscode/settings.json b/.vscode/settings.json
index bb386a29a..c9fefa3fe 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -107,6 +107,7 @@
         "factorybot",
         "helpdesk",
         "katex",
+        "Timecop",
         "turbolinks"
     ]
 }
\ No newline at end of file
diff --git a/Gemfile b/Gemfile
index ae1dffb97..88ba106dc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -87,8 +87,9 @@ group :test do
   gem "database_cleaner-active_record", "~> 2.2" # clean up database between tests
   gem "faker", "~> 3.4"
   gem "launchy", "~> 3.0"
-  gem "selenium-webdriver" # support for Capybara system testing and selenium driver, '~> 4.10.0'
+  gem "selenium-webdriver", "~> 4.10.0" # support for Capybara system testing and selenium driver
   gem "simplecov", "~> 0.22", require: false
+  gem "timecop", "~> 0.9.10"
   gem "webdrivers", "~> 5.3"
 end
 
diff --git a/Gemfile.lock b/Gemfile.lock
index be6716650..337eaceaa 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -620,6 +620,7 @@ GEM
     thor (1.3.1)
     tilt (2.4.0)
     timeago_js (3.0.2.2)
+    timecop (0.9.10)
     timeout (0.4.1)
     tins (1.33.0)
       bigdecimal
@@ -725,7 +726,7 @@ DEPENDENCIES
   rubocop-rails (~> 2.24)
   rubyzip (~> 2.3)
   sass-rails (~> 6.0)
-  selenium-webdriver
+  selenium-webdriver (~> 4.10.0)
   shrine (~> 3.6)
   sidekiq (~> 7.3)
   sidekiq-cron (~> 1.12)
@@ -740,6 +741,7 @@ DEPENDENCIES
   terser (~> 1.2)
   thredded!
   thredded-markdown_katex!
+  timecop (~> 0.9.10)
   trix-rails (~> 2.4)
   turbolinks (~> 5.2)
   web-console (~> 4.2)
diff --git a/app/abilities/voucher_ability.rb b/app/abilities/voucher_ability.rb
new file mode 100644
index 000000000..173c693ae
--- /dev/null
+++ b/app/abilities/voucher_ability.rb
@@ -0,0 +1,11 @@
+class VoucherAbility
+  include CanCan::Ability
+
+  def initialize(user)
+    clear_aliased_actions
+
+    can [:create, :invalidate], Voucher do |voucher|
+      user.can_update_personell?(voucher.lecture)
+    end
+  end
+end
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
index b6faa2615..facf7493c 100644
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -27,6 +27,7 @@
 //= require bootstrap_popovers
 //= require chapters
 //= require clickers
+//= require copy_and_paste_button
 //= require courses
 //= require erdbeere
 //= require file_upload
diff --git a/app/assets/javascripts/copy_and_paste_button.js b/app/assets/javascripts/copy_and_paste_button.js
new file mode 100644
index 000000000..fe0e41bc3
--- /dev/null
+++ b/app/assets/javascripts/copy_and_paste_button.js
@@ -0,0 +1,32 @@
+$(document).on("turbolinks:load", function () {
+  // TODO: this is using clipboard.js, which makes use of deprecated browser APIs
+  // see issue #684
+  new Clipboard(".clipboard-btn");
+
+  $(document).on("click", ".clipboard-button", function () {
+    $(".token-clipboard-popup").removeClass("show");
+
+    let dataId = $(this).data("id");
+    let popup;
+    if (dataId) {
+      popup = `.token-clipboard-popup[data-id="${$(this).data("id")}"]`;
+    }
+    else {
+      // This is a workaround for the transition to the new ClipboardAPI
+      // as intermediate solution that respects that the whole button should
+      // be clickable, not just the icon itself.
+      // See app/views/vouchers/_voucher.html.erb as an example.
+      popup = $(this).find(".token-clipboard-popup");
+    }
+
+    $(popup).addClass("show");
+    setTimeout(() => {
+      $(popup).removeClass("show");
+    }, 1700);
+  });
+});
+
+// clean up for turbolinks
+$(document).on("turbolinks:before-cache", function () {
+  $(document).off("click", ".clipboard-button");
+});
diff --git a/app/assets/javascripts/submissions.coffee b/app/assets/javascripts/submissions.coffee
index 3224b5669..cf4d9c990 100644
--- a/app/assets/javascripts/submissions.coffee
+++ b/app/assets/javascripts/submissions.coffee
@@ -1,5 +1,4 @@
 $(document).on 'turbolinks:load', ->
-  clipboard = new Clipboard('.clipboard-btn')
 
   $(document).on 'click', '#removeUserManuscript', ->
     $('#userManuscriptMetadata').hide()
@@ -9,20 +8,9 @@ $(document).on 'turbolinks:load', ->
     $('#submission_detach_user_manuscript').val('true')
     return
 
-  $(document).on 'click', '.clipboard-button', ->
-    $('.token-clipboard-popup').removeClass('show')
-    id = $(this).data('id')
-    $('.token-clipboard-popup[data-id="'+id+'"]').addClass('show')
-    restoreClipboardButton = ->
-      $('.token-clipboard-popup[data-id="'+id+'"]').removeClass('show')
-      return
-    setTimeout(restoreClipboardButton, 1500)
-    return
-
   return
 
 # clean up for turbolinks
 $(document).on 'turbolinks:before-cache', ->
   $(document).off 'click', '#removeUserManuscript'
-  $(document).off 'click', '.clipboard-button'
   return
\ No newline at end of file
diff --git a/app/assets/stylesheets/lectures.scss b/app/assets/stylesheets/lectures.scss
index be454a4d7..1476a1c4b 100644
--- a/app/assets/stylesheets/lectures.scss
+++ b/app/assets/stylesheets/lectures.scss
@@ -123,6 +123,16 @@ h3.lecture-pane-header {
   font-size: 1.3em;
 }
 
+h4.lecture-pane-subheader {
+  color: #838383;
+  font-size: 1.1em;
+}
+
+.voucher-card {
+  border: gray 1px solid;
+  border-radius: 0.4em;
+}
+
 #announcements-list {
   max-height: 17em;
   overflow-x: hidden;
diff --git a/app/assets/stylesheets/submissions.scss b/app/assets/stylesheets/submissions.scss
index 365213740..4b06d0fd1 100644
--- a/app/assets/stylesheets/submissions.scss
+++ b/app/assets/stylesheets/submissions.scss
@@ -18,7 +18,7 @@
 }
 
 /* The actual popup */
-.clipboardpopup .clipboardpopuptext {
+.clipboardpopuptext {
   visibility: hidden;
   width: 200px;
   background-color: #555;
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0a5a60683..ea2e6c943 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -111,6 +111,9 @@ def store_interaction
       # as of Rack 2.0.8, the session_id is wrapped in a class of its own
       # it is not a string anymore
       # see https://github.com/rack/rack/issues/1433
+
+      return if request.session_options[:id].nil?
+
       InteractionSaver.perform_async(request.session_options[:id].public_id,
                                      request.original_fullpath,
                                      request.referer,
diff --git a/app/controllers/cypress/timecop_controller.rb b/app/controllers/cypress/timecop_controller.rb
new file mode 100644
index 000000000..f8378568d
--- /dev/null
+++ b/app/controllers/cypress/timecop_controller.rb
@@ -0,0 +1,25 @@
+module Cypress
+  # Allows to travel to a date in the backend via Cypress tests.
+
+  class TimecopController < CypressController
+    # Travels to a specific date and time.
+    #
+    # Time is passed as local time. If you want to pass a UTC time, set the
+    # parameter `use_utc` to true.
+    def travel
+      new_time = if params[:use_utc] == "true"
+        Time.utc(params[:year], params[:month], params[:day],
+                 params[:hours], params[:minutes], params[:seconds])
+      else
+        Time.zone.local(params[:year], params[:month], params[:day],
+                        params[:hours], params[:minutes], params[:seconds])
+      end
+
+      render json: Timecop.travel(new_time), status: :created
+    end
+
+    def reset
+      render json: Timecop.return, status: :created
+    end
+  end
+end
diff --git a/app/controllers/vouchers_controller.rb b/app/controllers/vouchers_controller.rb
new file mode 100644
index 000000000..06a25b7e2
--- /dev/null
+++ b/app/controllers/vouchers_controller.rb
@@ -0,0 +1,83 @@
+class VouchersController < ApplicationController
+  load_and_authorize_resource
+  before_action :find_voucher, only: :invalidate
+
+  def current_ability
+    @current_ability ||= VoucherAbility.new(current_user)
+  end
+
+  def create
+    set_related_data
+    respond_to do |format|
+      if @voucher.save
+        handle_successful_save(format)
+      else
+        handle_failed_save(format)
+      end
+    end
+  end
+
+  def invalidate
+    set_related_data
+    @voucher.update(invalidated_at: Time.zone.now)
+    respond_to do |format|
+      format.html { redirect_to edit_lecture_path(@lecture, anchor: "people") }
+      format.js
+    end
+  end
+
+  def redeem
+    # TODO: this will be dealt with in the corresponding 2nd PR
+    render js: "alert('Voucher redeemed!')"
+  end
+
+  private
+
+    def voucher_params
+      params.permit(:lecture_id, :role)
+    end
+
+    def find_voucher
+      @voucher = Voucher.find_by(id: params[:id])
+      return if @voucher
+
+      handle_voucher_not_found
+    end
+
+    def set_related_data
+      @lecture = @voucher.lecture
+      @role = @voucher.role
+      I18n.locale = @lecture.locale
+    end
+
+    def handle_successful_save(format)
+      format.html { redirect_to edit_lecture_path(@lecture, anchor: "people") }
+      format.js
+    end
+
+    def handle_failed_save(format)
+      error_message = @voucher.errors.full_messages.join(", ")
+      format.html do
+        redirect_to edit_lecture_path(@lecture, anchor: "people"),
+                    alert: error_message
+      end
+      format.js do
+        render "error", locals: { error_message: error_message }
+      end
+    end
+
+    def handle_voucher_not_found
+      I18n.locale = current_user.locale
+      error_message = I18n.t("controllers.no_voucher")
+      respond_to do |format|
+        format.html do
+          redirect_back(alert: error_message,
+                        fallback_location: root_path)
+        end
+        format.js do
+          render "error",
+                 locals: { error_message: error_message }
+        end
+      end
+    end
+end
diff --git a/app/models/lecture.rb b/app/models/lecture.rb
index 973ac82d0..28796e2fe 100644
--- a/app/models/lecture.rb
+++ b/app/models/lecture.rb
@@ -63,6 +63,10 @@ class Lecture < ApplicationRecord
   # a lecture has many assignments (e.g. exercises with deadlines)
   has_many :assignments
 
+  # a lecture has many vouchers that can be redeemed to promote
+  # users to tutors, editors or teachers
+  has_many :vouchers, dependent: :destroy
+
   # a lecture has many structure_ids, referring to the ids of structures
   # in the erdbeere database
   serialize :structure_ids, type: Array, coder: YAML
@@ -841,6 +845,10 @@ def valid_annotations_status?
     [0, 1].include?(annotations_status)
   end
 
+  def active_voucher_of_role(role)
+    vouchers.where(role: role).active&.first
+  end
+
   private
 
     # used for after save callback
diff --git a/app/models/voucher.rb b/app/models/voucher.rb
new file mode 100644
index 000000000..1517a8708
--- /dev/null
+++ b/app/models/voucher.rb
@@ -0,0 +1,66 @@
+class Voucher < ApplicationRecord
+  SPEAKER_EXPIRATION_DAYS = 30
+  TUTOR_EXPIRATION_DAYS = 14
+  DEFAULT_EXPIRATION_DAYS = 3
+
+  ROLE_HASH = { tutor: 0, editor: 1, teacher: 2, speaker: 3 }.freeze
+  enum role: ROLE_HASH
+  validates :role, presence: true
+
+  belongs_to :lecture, touch: true
+
+  before_create :generate_secure_hash
+  before_create :add_expiration_datetime
+  before_create :ensure_no_other_active_voucher
+  before_create :ensure_speaker_vouchers_only_for_seminars
+
+  scope :active, lambda {
+                   where("expires_at > ? AND invalidated_at IS NULL",
+                         Time.zone.now)
+                 }
+
+  self.implicit_order_column = :created_at
+
+  def self.roles_for_lecture(lecture)
+    return ROLE_HASH.keys if lecture.seminar?
+
+    ROLE_HASH.keys - [:speaker]
+  end
+
+  private
+
+    def generate_secure_hash
+      self.secure_hash = SecureRandom.hex(16)
+    end
+
+    def add_expiration_datetime
+      self.expires_at = created_at + expiration_days.days
+    end
+
+    def ensure_no_other_active_voucher
+      return unless lecture
+      return unless lecture.vouchers.where(role: role).active.any?
+
+      errors.add(:role,
+                 I18n.t("activerecord.errors.models.voucher.attributes.role." \
+                        "only_one_active"))
+      throw(:abort)
+    end
+
+    def ensure_speaker_vouchers_only_for_seminars
+      return unless speaker?
+      return if lecture.seminar?
+
+      errors.add(:role,
+                 I18n.t("activerecord.errors.models.voucher.attributes.role." \
+                        "speaker_vouchers_only_for_seminars"))
+      throw(:abort)
+    end
+
+    def expiration_days
+      return SPEAKER_EXPIRATION_DAYS if speaker?
+      return TUTOR_EXPIRATION_DAYS if tutor?
+
+      DEFAULT_EXPIRATION_DAYS
+    end
+end
diff --git a/app/views/lectures/edit/_form.html.erb b/app/views/lectures/edit/_form.html.erb
index 00e2608c3..99d5c0871 100644
--- a/app/views/lectures/edit/_form.html.erb
+++ b/app/views/lectures/edit/_form.html.erb
@@ -6,7 +6,7 @@
       <%= render partial: 'lectures/edit/header',
           locals: { lecture: lecture } %>
     </div>
-    
+
     <!-- Menu to switch between "tabs" ("pillars") -->
     <nav>
       <div class="nav nav-pills container small-width flex-column flex-sm-row"
@@ -86,7 +86,7 @@
           </div>
         </div>
       </div>
-      
+
       <!-- Settings -->
       <div class="tab-pane fade" id="lecture-pane-settings"
           role="tabpanel" aria-labelledby="lecture-nav-settings" tabindex="0">
@@ -102,6 +102,8 @@
         <div class="container small-width lecture-pane">
           <%= render partial: 'lectures/edit/people',
               locals: { lecture: lecture } %>
+          <%= render partial: 'lectures/edit/vouchers',
+              locals: { lecture: lecture } %>
           <%= render partial: 'lectures/edit/tutorials',
               locals: { lecture: lecture } %>
         </div>
@@ -146,7 +148,7 @@
             <%= t('basics.course_editors') %>
               <%= helpdesk(t('admin.lecture.info.course_editors'), false) %>
           </h3>
-          
+
           <div class="col-4">
             <% if lecture.course.editors.present? %>
               <ul>
@@ -180,7 +182,7 @@
   <%= render partial: 'announcements/modal' %>
   <%= render partial: 'lectures/publish/publish',
              locals: { lecture: lecture } %>
-   
+
   <% unless lecture.stale? %>
     <%= render partial: 'lectures/edit/user_modal',
                locals: { lecture: lecture } %>
diff --git a/app/views/lectures/edit/_vouchers.html.erb b/app/views/lectures/edit/_vouchers.html.erb
new file mode 100644
index 000000000..8c9b2582e
--- /dev/null
+++ b/app/views/lectures/edit/_vouchers.html.erb
@@ -0,0 +1,20 @@
+<hr class="lecture-pane-separator">
+<h3 class="lecture-pane-header" data-cy="vouchers-header">
+  <%= t('basics.vouchers') %>
+</h3>
+
+<p>
+  <%= t('admin.voucher.general_explanation') %>
+</p>
+
+<% if current_user.can_update_personell?(lecture) %>
+<div class="row row-cols-1 row-cols-md-2 g-4">
+  <% Voucher.roles_for_lecture(lecture).each do |role| %>
+    <div class="col">
+      <div class="card voucher-card" id='<%= "#{role}"%>-voucher'>
+        <%= render partial: 'vouchers/voucher' , locals: { lecture: lecture, role: role } %>
+      </div>
+    </div>
+  <% end %>
+</div>
+<% end %>
diff --git a/app/views/profile/_redeem_voucher.html.erb b/app/views/profile/_redeem_voucher.html.erb
new file mode 100644
index 000000000..a9278a5f0
--- /dev/null
+++ b/app/views/profile/_redeem_voucher.html.erb
@@ -0,0 +1,9 @@
+<%= form_with url: redeem_voucher_path,
+              remote: true,
+              method: :post, 
+              html: { class: "form-inline" } do |f| %>
+    <div class="form-group d-flex">
+        <%= f.text_field :voucher_hash, class: "form-control me-2 w-50" %>
+        <%= f.submit t('profile.redeem_voucher'), class: "btn btn-primary" %>
+    </div>
+<% end %>
diff --git a/app/views/profile/edit.html.erb b/app/views/profile/edit.html.erb
index d44a0db08..69ba4c401 100644
--- a/app/views/profile/edit.html.erb
+++ b/app/views/profile/edit.html.erb
@@ -108,6 +108,25 @@
     </div>
   </div>
 <% end %>
+<div class="row mb-3">
+  <div class="col-12">
+    <div class="card bg-light">
+      <div class="card-header">
+        <div class="row">
+          <div class="col-12">
+            <h5>
+              <%= t('profile.redeem_voucher') %>
+            </h5>
+          </div>
+        </div>
+      </div>
+      <div class="card-body">
+        <%= render partial: 'profile/redeem_voucher' %>
+      </div>
+    </div>
+  </div>
+</div>
+
 <div class="row mb-3">
     <div class="col-12">
       <div class="card bg-light">
@@ -126,6 +145,8 @@
       </div>
     </div>
   </div>
+
+
 <%= render partial: 'shared/generic_modal',
            locals: { sort: 'deleteAccount',
                      title: t('profile.delete_account') } %>
diff --git a/app/views/vouchers/_voucher.html.erb b/app/views/vouchers/_voucher.html.erb
new file mode 100644
index 000000000..6e87d2d06
--- /dev/null
+++ b/app/views/vouchers/_voucher.html.erb
@@ -0,0 +1,70 @@
+<% voucher = lecture.active_voucher_of_role(role) %>
+
+<div class="card-body">
+
+  <h4 class="card-title lecture-pane-subheader">
+    <%= t("basics.voucher_for", role: t("basics.#{role}s")) %>
+  </h4>
+
+  <% if voucher %>
+    <!-- Secure hash with copy button -->
+    <div class="input-group mb-3">
+      <button class="btn btn-outline-secondary clipboard-btn clipboard-button"
+              title="<%= t('buttons.copy_to_clipboard')%>"
+              data-clipboard-text="<%= voucher.secure_hash %>"
+              data-cy="copy-<%= role %>-voucher-btn">
+        <i class="bi bi-clipboard"></i>
+        <!-- Currently just a workaround for the clipboard -->
+        <div class="clipboardpopup" style="display: block;">
+          <span class="clipboardpopuptext token-clipboard-popup">
+            <%= t('basics.code_copied_to_clipboard') %>
+          </span>
+        </div>
+      </button>
+      <input type="text" class="form-control" disabled
+            value="<%= voucher.secure_hash %>"
+            data-cy='<%= "#{role}-voucher-secure-hash" %>'>
+    </div>
+
+  <% else %>
+    <!-- No active voucher text -->
+    <p>
+      <%= t('admin.lecture.no_active_voucher',
+        role: t("basics.voucher_for", role: t("basics.#{role}s"))) %>
+    </p>
+  <% end %>
+
+  <!-- Buttons to generate/remove voucher -->
+  <% if voucher %>
+    <%= link_to invalidate_voucher_path(voucher),
+        class: 'btn btn-outline-danger',
+        data: { toggle: 'tooltip', placement: 'bottom',
+                confirm: t('admin.voucher.sure_to_delete'),
+                cy: "invalidate-#{role}-voucher-btn" },
+        style: 'text-decoration: none;',
+        method: :post, remote: true do %>
+      <i class="bi bi-trash3"></i>
+      <%= t('buttons.invalidate') %>
+    <% end %>
+  <% else %>
+    <%= link_to vouchers_path(params: { lecture_id: lecture.id, role: role }),
+        class: 'btn btn-outline-primary',
+        data: {toggle: 'tooltip', placement: 'bottom', cy: "create-#{role}-voucher-btn"},
+        method: :post, remote: true do %>
+      <i class="bi bi-plus-lg"></i>
+      <%= t('buttons.create_voucher') %>
+    <% end %>
+  <% end %>
+
+</div>
+
+<!-- Expires at text -->
+<% if voucher %>
+  <div class="card-footer p-3">
+    <%= t('admin.voucher.expires_at') %>:
+    <%= l(voucher.expires_at, format: :long) %>
+    <span data-cy='<%= "#{role}-voucher-expires-at" %>' style="display: none;">
+      <%= voucher.expires_at %>
+    </span>
+  </div>
+<% end %>
diff --git a/app/views/vouchers/create.js.erb b/app/views/vouchers/create.js.erb
new file mode 100644
index 000000000..5a86aa776
--- /dev/null
+++ b/app/views/vouchers/create.js.erb
@@ -0,0 +1,2 @@
+$("#<%= @role %>-voucher").empty()
+  .append("<%= j render partial: 'vouchers/voucher', locals: { lecture: @lecture, role: @role } %>");
diff --git a/app/views/vouchers/error.js.erb b/app/views/vouchers/error.js.erb
new file mode 100644
index 000000000..debc3873c
--- /dev/null
+++ b/app/views/vouchers/error.js.erb
@@ -0,0 +1 @@
+alert("<%= "#{j(error_message)}" %>");
diff --git a/app/views/vouchers/invalidate.js.erb b/app/views/vouchers/invalidate.js.erb
new file mode 100644
index 000000000..5a86aa776
--- /dev/null
+++ b/app/views/vouchers/invalidate.js.erb
@@ -0,0 +1,2 @@
+$("#<%= @role %>-voucher").empty()
+  .append("<%= j render partial: 'vouchers/voucher', locals: { lecture: @lecture, role: @role } %>");
diff --git a/config/locales/de.yml b/config/locales/de.yml
index fa4875bc7..09fecda0a 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -497,6 +497,8 @@ de:
       import_chapters: Kapitel importieren
       import_sections: Abschnitte importieren
       import_tags: Tags importieren
+      no_active_voucher: >
+        Es gibt keinen aktiven %{role} für diese Veranstaltung.
       info:
         course: >
           Hier kannst Du das Modul auswählen, zu dem diese
@@ -2051,6 +2053,16 @@ de:
       new: 'Neues Tutorium anlegen'
     assignment:
       new: 'Neue Hausaufgabe anlegen'
+    voucher:
+      secure_hash: 'Sicherheits-Hash'
+      expires_at: 'Läuft ab'
+      sure_to_delete: 'Bist Du sicher, dass Du diesen Gutschein löschen möchtest?'
+      general_explanation: >
+        Wenn Du jemandem eine Rolle zuweisen möchtest (z.B. jemanden zum Tutor machen),
+        kannst Du hier einen Gutschein erstellen. Dies ist ein spezieller Code,
+        den die Person in ihrem Profil einlösen kann, um die Rolle zu erhalten.
+        Du solltest den Code über ein anderes Medium an die Person senden,
+        z.B. per E-Mail.
   profile:
     account: 'Account'
     name: 'Anzeigename'
@@ -2181,6 +2193,7 @@ de:
       Daten anfordern
     data_request_sent: >
       Wir haben Deine Anfrage erhalten und werden Dir Deine Daten zeitnah schicken.
+    redeem_voucher: Gutschein einlösen
   mampf_news:
     title: 'MaMpf-News'
     check_notifications: 'Alle erledigen'
@@ -3462,6 +3475,10 @@ de:
     together_with: zusammen mit
     enter_two_letters: mind. 2 Zeichen eingeben
     no_results: Keine Resultate gefunden
+    editors: EditorInnen
+    vouchers: Gutscheine
+    voucher_for: Gutschein für %{role}
+    speakers: Vortragende
   access:
     unpublished: 'unveröffentlicht'
     all: 'frei'
@@ -3492,6 +3509,7 @@ de:
     create_program: 'Studiengang anlegen'
     create_subject: 'Fach anlegen'
     create_division: 'Teilbereich anlegen'
+    create_voucher: 'Gutschein anlegen'
     create: 'Anlegen'
     edit: 'Bearbeiten'
     content: 'Inhalt'
@@ -3568,6 +3586,7 @@ de:
     cancel_publication: 'Stornieren'
     import_lecture_toc: 'Gliederung importieren'
     import_toc: 'Importieren'
+    invalidate: 'Für ungültig erklären'
   warnings:
     save_before: >
       Du musst zunächst die anderen Änderungen speichern oder verwerfen.
@@ -3685,6 +3704,7 @@ de:
       abgegeben werden.
     no_assignments_in_lecture: >
       In dieser Veranstaltung gibt es bisher keine Hausaufgaben.
+    no_voucher: 'Ein Gutschein mit der angeforderten id existiert nicht.'
     tutorials:
       destruction_failed: >
         Das Tutorium konnte nicht gelöscht werden. Das kann z.B. daran liegen,
@@ -3927,6 +3947,13 @@ de:
               out_of_range: >
                 Das abgegebene Votum ist leider außerhalb des zulässingen
                 Bereiches.
+        voucher:
+          attributes:
+            role:
+              only_one_active: >
+                Für diese Vorlesung kann es nur einen aktiven Voucher dieses Typs geben.
+              speaker_vouchers_only_for_seminars: >
+                Vortragenden-Gutscheine können nur für Seminare erstellt werden.
         watchlist_entry:
           attributes:
             medium_id:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 454915f45..ed1fb8ff9 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -496,6 +496,8 @@ en:
       import_chapters: import chapters
       import_sections: import sections
       import_tags: import tags
+      no_active_voucher: >
+        There is no active %{role} for this event series.
       info:
         course: >
           Here you can select the course to which this event series belongs.
@@ -1929,6 +1931,15 @@ en:
       new: 'Add tutorial'
     assignment:
       new: 'Add assignment'
+    voucher:
+      secure_hash: 'Secure Hash'
+      expires_at: 'Expires at'
+      sure_to_delete: 'Are you sure you want to delete this voucher?'
+      general_explanation: >
+        If you want to assign somebody a role (e.g. make them a tutor), you can
+        create a voucher. This is a special code that the person can redeem in
+        their profile to get the role, e.g. to become a tutor for your lecture.
+        You should send the code to the person via a different medium, e.g. email.
   profile:
     account: 'Account'
     name: 'Display name'
@@ -2051,6 +2062,7 @@ en:
       Request data
     data_request_sent: >
       We have received your request and will send you your data as soon as possible.
+    redeem_voucher: Redeeem Voucher
   mampf_news:
     title: 'MaMpf News'
     check_notifications: 'Clear all'
@@ -3275,6 +3287,9 @@ en:
     together_with: together with
     enter_two_letters: enter at least 2 letters
     no_results: No results found
+    vouchers: Vouchers
+    voucher_for: Voucher for %{role}
+    speakers: Speakers
   warnings:
     save_before: 'Before you continue, you need to save or discard your changes'
     unsaved_changes: >
@@ -3309,6 +3324,7 @@ en:
     create_program: 'Create Study Path'
     create_subject: 'Create Subject'
     create_division: 'Create Division'
+    create_voucher: 'Create Voucher'
     create: 'Create'
     edit: 'Edit'
     content: 'Content'
@@ -3385,6 +3401,7 @@ en:
     cancel_publication: 'Cancel'
     import_lecture_toc: 'Import TOC'
     import_toc: 'Import'
+    invalidate: 'Invalidate'
   confirmation:
     generic: 'Are you sure?'
     delete_graph: >
@@ -3493,6 +3510,7 @@ en:
       made.
     no_assignments_in_lecture: >
       In this event series there are no assigments yet.
+    no_voucher: 'There is no voucher with this id.'
     tutorials:
       destruction_failed: >
         The tutorial could not be deleted. That may be because there are already
@@ -3717,6 +3735,13 @@ en:
             value:
               out_of_range: >
                 Your vote is outside of the allowed range.
+        voucher:
+          attributes:
+            role:
+              only_one_active: >
+                There can be only one active voucher of this type for the lecture.
+              speaker_vouchers_only_for_seminars: >
+                Speaker vouchers are only allowed for seminars.
         watchlist_entry:
           attributes:
             medium_id:
diff --git a/config/routes.rb b/config/routes.rb
index d9925650a..9e67f40d1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -14,6 +14,8 @@
       resources :database_cleaner, only: :create
       resources :user_creator, only: :create
       resources :i18n, only: :create
+      post "timecop/travel", to: "timecop#travel"
+      post "timecop/reset", to: "timecop#reset"
     end
   end
 
@@ -811,6 +813,16 @@
 
   resources :users, only: [:index, :edit, :update, :destroy]
 
+  post "vouchers/redeem",
+       to: "vouchers#redeem",
+       as: "redeem_voucher"
+
+  post "vouchers/:id/invalidate",
+       to: "vouchers#invalidate",
+       as: "invalidate_voucher"
+
+  resources :vouchers, only: [:create]
+
   # watchlists routes
 
   get "watchlists/add_medium/:medium_id",
diff --git a/db/migrate/20240906200000_create_vouchers.rb b/db/migrate/20240906200000_create_vouchers.rb
new file mode 100644
index 000000000..274145b7c
--- /dev/null
+++ b/db/migrate/20240906200000_create_vouchers.rb
@@ -0,0 +1,13 @@
+class CreateVouchers < ActiveRecord::Migration[7.1]
+  def change
+    create_table :vouchers, id: :uuid do |t|
+      t.integer :role, null: false
+      t.references :lecture, null: false, foreign_key: true
+      t.string :secure_hash, null: false
+      t.datetime :invalidated_at
+      t.datetime :expires_at
+      t.timestamps
+    end
+    add_index :vouchers, :secure_hash, unique: true
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 9f40b301b..2dbe426b7 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_06_05_200000) do
+ActiveRecord::Schema[7.1].define(version: 2024_09_06_200000) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
   enable_extension "plpgsql"
@@ -902,6 +902,18 @@
     t.index ["voter_type", "voter_id"], name: "index_votes_on_voter_type_and_voter_id"
   end
 
+  create_table "vouchers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.integer "role", null: false
+    t.bigint "lecture_id", null: false
+    t.string "secure_hash", null: false
+    t.datetime "invalidated_at"
+    t.datetime "expires_at"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["lecture_id"], name: "index_vouchers_on_lecture_id"
+    t.index ["secure_hash"], name: "index_vouchers_on_secure_hash", unique: true
+  end
+
   create_table "vtt_containers", force: :cascade do |t|
     t.text "table_of_contents_data"
     t.text "references_data"
@@ -973,6 +985,7 @@
   add_foreign_key "user_favorite_lecture_joins", "lectures"
   add_foreign_key "user_favorite_lecture_joins", "users"
   add_foreign_key "user_submission_joins", "users"
+  add_foreign_key "vouchers", "lectures"
   add_foreign_key "watchlist_entries", "media"
   add_foreign_key "watchlist_entries", "watchlists"
   add_foreign_key "watchlists", "users"
diff --git a/spec/controllers/vouchers_controller_spec.rb b/spec/controllers/vouchers_controller_spec.rb
new file mode 100644
index 000000000..44a26e6de
--- /dev/null
+++ b/spec/controllers/vouchers_controller_spec.rb
@@ -0,0 +1,58 @@
+require "rails_helper"
+RSpec.describe(VouchersController, type: :controller) do
+  let(:teacher) { FactoryBot.create(:confirmed_user) }
+  let(:generic_user) { FactoryBot.create(:confirmed_user) }
+  let(:lecture) { FactoryBot.create(:lecture, teacher: teacher) }
+  let(:role) { :tutor }
+
+  context "As an authorized user" do
+    before do
+      sign_in teacher
+    end
+
+    describe "POST #create" do
+      it "creates a new voucher" do
+        expect do
+          post(:create, params: { lecture_id: lecture.id, role: role })
+        end.to change(lecture.vouchers, :count).by(1)
+      end
+    end
+
+    describe "POST #invalidate" do
+      it "invalidates the voucher" do
+        voucher = FactoryBot.create(:voucher, lecture: lecture)
+        post(:invalidate, params: { id: voucher.id })
+        voucher.reload
+        expect(Voucher.find(voucher.id).invalidated_at).not_to be_nil
+      end
+    end
+  end
+
+  context "As an unauthorized user" do
+    before do
+      sign_in generic_user
+    end
+
+    describe "POST #create" do
+      it "does not create a new voucher" do
+        expect do
+          post(:create, params: { lecture_id: lecture.id, role: role })
+        end.not_to change(lecture.vouchers, :count)
+      end
+
+      it "redirects to root path" do
+        post(:create, params: { lecture_id: lecture.id, role: role })
+        expect(response).to redirect_to(root_path)
+      end
+    end
+
+    describe "POST #invalidate" do
+      it "does not invalidate the voucher" do
+        voucher = FactoryBot.create(:voucher, lecture: lecture)
+        post(:invalidate, params: { id: voucher.id })
+        voucher.reload
+        expect(voucher.invalidated_at).to be_nil
+      end
+    end
+  end
+end
diff --git a/spec/cypress/e2e/vouchers_spec.cy.js b/spec/cypress/e2e/vouchers_spec.cy.js
new file mode 100644
index 000000000..c667748f2
--- /dev/null
+++ b/spec/cypress/e2e/vouchers_spec.cy.js
@@ -0,0 +1,167 @@
+import FactoryBot from "../support/factorybot";
+import Timecop from "../support/timecop";
+
+const ROLES = ["tutor", "editor", "teacher", "speaker"];
+const ROLES_WITHOUT_SEMINAR = ROLES.filter(role => role !== "speaker");
+
+function createLectureScenario(context, type = "lecture") {
+  cy.createUserAndLogin("teacher").as("teacher");
+
+  cy.then(() => {
+    FactoryBot.create(type, { teacher_id: context.teacher.id }).as("lecture");
+  });
+
+  cy.then(() => {
+    cy.visit(`/lectures/${context.lecture.id}/edit#people`);
+    cy.getBySelector("vouchers-header").should("be.visible");
+  });
+
+  cy.i18n("basics.vouchers").as("vouchers");
+}
+
+function assertVoucherShown(role) {
+  cy.getBySelector(`create-${role}-voucher-btn`).should("not.exist");
+  cy.getBySelector(`invalidate-${role}-voucher-btn`).should("be.visible");
+  cy.getBySelector(`${role}-voucher-secure-hash`)
+    .invoke("val").should("match", /^([a-z0-9]){32}$/);
+}
+
+function assertVoucherNotShown(role) {
+  cy.getBySelector(`invalidate-${role}-voucher-btn`).should("not.exist");
+  cy.getBySelector(`create-${role}-voucher-btn`).should("be.visible");
+  cy.getBySelector(`${role}-voucher-secure-hash`).should("not.exist");
+}
+
+function testCreateVoucher(role) {
+  cy.getBySelector(`create-${role}-voucher-btn`).click();
+  assertVoucherShown(role);
+}
+
+function testInvalidateVoucher(role) {
+  cy.getBySelector(`invalidate-${role}-voucher-btn`).click();
+  cy.on("window:confirm", () => true); // Confirm popup
+  assertVoucherNotShown(role);
+}
+
+context("When the lecture is not a seminar", () => {
+  beforeEach(function () {
+    createLectureScenario(this);
+  });
+
+  describe("People tab in lecture edit page", () => {
+    it("shows buttons for creating tutor, editor and teacher vouchers", function () {
+      cy.contains(this.vouchers).should("be.visible");
+
+      ROLES_WITHOUT_SEMINAR.forEach((role) => {
+        cy.getBySelector(`create-${role}-voucher-btn`).should("be.visible");
+      });
+
+      cy.getBySelector("create-speaker-voucher-btn").should("not.exist");
+    });
+
+    it("displays the voucher and invalidate button after the create button is clicked", function () {
+      ROLES_WITHOUT_SEMINAR.forEach((role) => {
+        testCreateVoucher(role);
+      });
+    });
+
+    it("displays that there is no active voucher after the invalidate button is clicked", function () {
+      ROLES_WITHOUT_SEMINAR.forEach((role) => {
+        testCreateVoucher(role);
+        testInvalidateVoucher(role);
+      });
+    });
+
+    it.skip("copies the voucher hash to the clipboard", function () {
+      ROLES_WITHOUT_SEMINAR.forEach((role) => {
+        cy.getBySelector(`create-${role}-voucher-btn`).click();
+        cy.getBySelector(`${role}-voucher-secure-hash`).then(($hash) => {
+          const hashText = $hash.text();
+          cy.getBySelector(`copy-${role}-voucher-btn`).click();
+          cy.assertCopiedToClipboard(hashText);
+        });
+      });
+    });
+  });
+});
+
+context("When the lecture is a seminar", () => {
+  beforeEach(function () {
+    createLectureScenario(this, "seminar");
+  });
+
+  describe("People tab in lecture edit page", () => {
+    it("shows buttons for creating tutor, editor, teacher, and speaker vouchers", function () {
+      cy.contains(this.vouchers).should("be.visible");
+      ROLES.forEach((role) => {
+        cy.getBySelector(`create-${role}-voucher-btn`).should("be.visible");
+      });
+    });
+
+    it("displays the voucher and invalidate button after the create button is clicked", function () {
+      ROLES.forEach((role) => {
+        testCreateVoucher(role);
+      });
+    });
+
+    it("displays that there is no active voucher after the invalidate button is clicked", function () {
+      ROLES.forEach((role) => {
+        testCreateVoucher(role);
+        testInvalidateVoucher(role);
+      });
+    });
+  });
+});
+
+context("When traveling into the future", () => {
+  beforeEach(function () {
+    createLectureScenario(this, "seminar");
+  });
+
+  afterEach(() => {
+    Timecop.reset();
+  });
+
+  it("does not show expired vouchers (far in the future)", function () {
+    ROLES.forEach((role) => {
+      testCreateVoucher(role);
+    });
+
+    // This behavior is more extensively tested via unit tests in the backend.
+    // This is just a sanity check where we travel *far* into the future.
+    Timecop.moveAheadDays(1000).then(() => {
+      cy.reload();
+      ROLES.forEach((role) => {
+        assertVoucherNotShown(role);
+      });
+    });
+  });
+
+  it("does not show expired vouchers (near future)", function () {
+    ROLES.forEach((role) => {
+      testCreateVoucher(role);
+      textExpiresAtWithTimeTravel(role);
+    });
+
+    function textExpiresAtWithTimeTravel(role) {
+    // find date string, read it, then travel to that date (+1 minute)
+      cy.getBySelector(`${role}-voucher-expires-at`).then(($expiresAt) => {
+        const date = new Date($expiresAt.text());
+        date.setMinutes(date.getMinutes() + 1);
+        cy.isValidDate(date).then((isValid) => {
+          expect(isValid).to.be.true;
+        });
+
+        cy.log(`Traveling to ${date.toISOString()} (UTC)`);
+        Timecop.travelToDate(date, true);
+      });
+
+      cy.then(() => {
+        cy.reload();
+        assertVoucherNotShown(role);
+      });
+
+      Timecop.reset();
+    }
+  });
+});
diff --git a/spec/cypress/support/commands.js b/spec/cypress/support/commands.js
index f965e0486..54776cfcb 100644
--- a/spec/cypress/support/commands.js
+++ b/spec/cypress/support/commands.js
@@ -20,6 +20,62 @@ Cypress.Commands.add("clickExpectNewTab", { prevSubject: true }, ($subject, args
   return cy.wrap($subject).invoke("removeAttr", "target").click(args);
 });
 
+Cypress.Commands.add("assertCopiedToClipboard", (_expectedText) => {
+  cy.fail("Not implemented yet");
+
+  // An old method would consist of something like this:
+  // adapted from https://stackoverflow.com/a/69571115
+  // and https://stackoverflow.com/a/33928558
+
+  //////////////////////////////////////////////////////////////////////////////
+  // NEW PROPOSED SOLUTION for the new Clipboard API
+  //////////////////////////////////////////////////////////////////////////////
+
+  // TODO (clipboard): We currently use the obsolete clipboard API from browsers,
+  // i.e. document.execCommand("copy") via the clipboard.js library.
+  // There's a new Clipboard API that is supported by modern browsers.
+  // Once we switch to that API, use the following code to test copying to
+  // the clipboard. Also see this GitHub issue for more information:
+  // https://github.com/cypress-io/cypress/issues/2752
+  //
+  // Note that another option to test the clipboard content then would be
+  // https://github.com/cypress-io/cypress/issues/2752#issuecomment-1039285381
+  // which wouldn't even require requesting permissions but might have its
+  // own limitations.
+
+  // Request clipboard permissions
+  // by https://stackoverflow.com/a/73329952/9655481
+  // Note that this won't work by default in a non-secure context (http), so we need to
+  // pass the flag --unsafely-treat-insecure-origin-as-secure=http://mampf:3000
+  // to the browser when starting it (see the cypress config)
+  // cy.wrap(Cypress.automation("remote:debugger:protocol", {
+  //   command: "Browser.grantPermissions",
+  //   params: {
+  //     permissions: ["clipboardReadWrite", "clipboardSanitizedWrite"],
+  //   },
+  // }));
+
+  // Make sure clipboard permissions were granted
+  // https://stackoverflow.com/questions/61650737/how-to-fetch-copied-to-clipboard-content-in-cypress/73329952#comment137190789_69571115
+  // cy.window().its("navigator.permissions")
+  //   .then(api => api.query({ name: "clipboard-read" }))
+  //   .its("state").should("equal", "granted");
+
+  // https://stackoverflow.com/a/75928308/
+  // cy.window().its("navigator.clipboard")
+  //   .then(clip => clip.readText())
+  //   .should("equal", expectedText);
+});
+
+Cypress.Commands.add("isValidDate", (date) => {
+  // https://stackoverflow.com/a/1353711/
+  return date instanceof Date && !isNaN(date);
+});
+
+////////////////////////////////////////////////////////////////////////////////
+// Custom commands for backend interaction
+////////////////////////////////////////////////////////////////////////////////
+
 Cypress.Commands.add("cleanDatabase", () => {
   return BackendCaller.callCypressRoute("database_cleaner", "cy.cleanDatabase()", {});
 });
diff --git a/spec/cypress/support/timecop.js b/spec/cypress/support/timecop.js
new file mode 100644
index 000000000..9d6dd5926
--- /dev/null
+++ b/spec/cypress/support/timecop.js
@@ -0,0 +1,59 @@
+import BackendCaller from "./backend_caller";
+
+/**
+ * Helper to call Timecop from Cypress tests, which is used to freeze or travel
+ * time in the backend.
+ *
+ * This is different from cy.clock() which only affects the frontend.
+ */
+class Timecop {
+  /**
+   * Travels to the given date in the backend.
+   *
+   * By default, the date is assumed to be in the local timezone (assuming the
+   * backend is configured to use local time).
+   */
+  #travelTo(year, month, day, hours = 0, minutes = 0, seconds = 0, useUTC = false) {
+    return BackendCaller.callCypressRoute("timecop/travel", "Timecop.travel()",
+      { year: year, month: month, day: day,
+        hours: hours, minutes: minutes, seconds: seconds,
+        use_utc: useUTC,
+      });
+  }
+
+  /**
+   * Travels to the given date in the backend.
+   *
+   * By default, the date is assumed to be in the local timezone (assuming the
+   * backend is configured to use local time).
+   */
+  travelToDate(date, useUTC = false) {
+    return this.#travelTo(
+      date.getFullYear(), date.getMonth() + 1, date.getDate(),
+      date.getHours(), date.getMinutes(), date.getSeconds(),
+      useUTC,
+    );
+  }
+
+  /**
+   * Moves the time ahead by the given number of days.
+   */
+  moveAheadDays(days) {
+    const now = new Date();
+    now.setDate(now.getDate() + days);
+    cy.log(`Moving ahead ${days} days to ${now.toISOString()}`);
+    return this.#travelTo(
+      now.getFullYear(), now.getMonth() + 1, now.getDate(),
+      now.getHours(), now.getMinutes(), now.getSeconds(),
+    );
+  }
+
+  /**
+   * Resets the time in the backend to the current time.
+   */
+  reset() {
+    return BackendCaller.callCypressRoute("timecop/reset", "Timecop.reset()");
+  }
+}
+
+export default new Timecop();
diff --git a/spec/factories/vouchers.rb b/spec/factories/vouchers.rb
new file mode 100644
index 000000000..9605883bb
--- /dev/null
+++ b/spec/factories/vouchers.rb
@@ -0,0 +1,32 @@
+FactoryBot.define do
+  factory :voucher do
+    role { :tutor }
+    association :lecture
+
+    trait :tutor do
+      role { :tutor }
+    end
+
+    trait :editor do
+      role { :editor }
+    end
+
+    trait :teacher do
+      role { :teacher }
+    end
+
+    trait :speaker do
+      role { :speaker }
+    end
+
+    trait :expired do
+      after(:create) do |voucher|
+        voucher.update(expires_at: 1.day.ago)
+      end
+    end
+
+    trait :invalidated do
+      invalidated_at { 1.day.ago }
+    end
+  end
+end
diff --git a/spec/models/lecture_spec.rb b/spec/models/lecture_spec.rb
index 59966f827..d6c067565 100644
--- a/spec/models/lecture_spec.rb
+++ b/spec/models/lecture_spec.rb
@@ -130,6 +130,31 @@
     end
   end
 
+  describe "#active_voucher_of_role" do
+    let(:lecture) { FactoryBot.create(:lecture) }
+    let(:role) { :tutor }
+
+    context "when there is an active voucher of the specified role" do
+      let!(:active_voucher) do
+        FactoryBot.create(:voucher, role: role, lecture: lecture)
+      end
+
+      it "returns the voucher" do
+        expect(lecture.active_voucher_of_role(role)).to eq(active_voucher)
+      end
+    end
+
+    context "when there is no active voucher of the specified role" do
+      let!(:inactive_voucher) do
+        FactoryBot.create(:voucher, :expired, role: role, lecture: lecture)
+      end
+
+      it "returns nil" do
+        expect(lecture.active_voucher_of_role(role)).to be(nil)
+      end
+    end
+  end
+
   # Test methods -- NEEDS TO BE REFACTORED
 
   # describe '#tags' do
diff --git a/spec/models/voucher_spec.rb b/spec/models/voucher_spec.rb
new file mode 100644
index 000000000..a17d82a46
--- /dev/null
+++ b/spec/models/voucher_spec.rb
@@ -0,0 +1,116 @@
+require "rails_helper"
+
+RSpec.describe(Voucher, type: :model) do
+  let(:lecture) { FactoryBot.create(:lecture) }
+  let(:seminar) { FactoryBot.create(:lecture, :is_seminar) }
+
+  describe "callbacks" do
+    it "generates a secure hash before creating" do
+      voucher = FactoryBot.build(:voucher)
+      expect(voucher.secure_hash).to be_nil
+      voucher.save
+      expect(voucher.secure_hash).not_to be_nil
+    end
+
+    it "adds an expiration datetime before creating" do
+      voucher = FactoryBot.build(:voucher)
+      expect(voucher.expires_at).to be_nil
+      voucher.save
+      expect(voucher.expires_at).not_to be_nil
+    end
+
+    describe "#add_expiration_datetime" do
+      def expiration_days(role)
+        case role
+        when :speaker
+          Voucher::SPEAKER_EXPIRATION_DAYS
+        when :tutor
+          Voucher::TUTOR_EXPIRATION_DAYS
+        else
+          Voucher::DEFAULT_EXPIRATION_DAYS
+        end
+      end
+
+      it "sets the expiration date correctly based on the role" do
+        Voucher::ROLE_HASH.each_key do |role|
+          voucher = build(:voucher, lecture: lecture, role: role)
+          voucher.save
+          expect(voucher.expires_at).to eq(voucher.created_at + expiration_days(role).days)
+        end
+      end
+    end
+
+    describe "#ensure_no_other_active_voucher" do
+      it "rolls back if there is another active voucher with the same role for the lecture" do
+        FactoryBot.create(:voucher, :tutor, lecture: lecture)
+        new_voucher = build(:voucher, :tutor, lecture: lecture)
+
+        expect(new_voucher.save).to be_falsey
+        expect(new_voucher.errors[:role]).to(
+          include(I18n.t("activerecord.errors.models.voucher." \
+                         "attributes.role.only_one_active"))
+        )
+      end
+    end
+
+    describe "#ensure_speaker_vouchers_only_for_seminars" do
+      context "when the lecture is a seminar" do
+        let(:voucher) { build(:voucher, :speaker, lecture: seminar) }
+
+        it "does not add an error" do
+          expect(voucher).to be_valid
+          expect(voucher.save).to be_truthy
+          expect(voucher.errors[:role]).to be_empty
+        end
+      end
+
+      context "when the lecture is not a seminar" do
+        let(:voucher) { build(:voucher, :speaker, lecture: lecture) }
+
+        it "rolls back and adds an error" do
+          expect(voucher.save).to be_falsey
+          expect(voucher.errors[:role]).to(
+            include(I18n.t("activerecord.errors.models.voucher.attributes." \
+                           "role.speaker_vouchers_only_for_seminars"))
+          )
+        end
+      end
+    end
+  end
+
+  describe "scopes" do
+    describe ".active" do
+      it "includes vouchers that are not expired and not invalidated" do
+        active_voucher = FactoryBot.create(:voucher)
+        expect(Voucher.active).to include(active_voucher)
+      end
+
+      it "excludes vouchers that are expired" do
+        expired_voucher = FactoryBot.create(:voucher, :expired)
+        expect(Voucher.active).not_to include(expired_voucher)
+      end
+
+      it "excludes vouchers that are invalidated" do
+        invalidated_voucher = FactoryBot.create(:voucher, :invalidated)
+        expect(Voucher.active).not_to include(invalidated_voucher)
+      end
+
+      it "excludes vouchers that are both expired and invalidated" do
+        voucher = FactoryBot.create(:voucher, :expired, :invalidated)
+        expect(Voucher.active).not_to include(voucher)
+      end
+    end
+  end
+
+  describe "class methods" do
+    describe ".roles_for_lecture" do
+      it "returns all roles if the lecture is a seminar" do
+        expect(Voucher.roles_for_lecture(seminar)).to eq(Voucher::ROLE_HASH.keys)
+      end
+
+      it "returns all sorts except :speaker if the lecture is not a seminar" do
+        expect(Voucher.roles_for_lecture(lecture)).to eq(Voucher::ROLE_HASH.keys - [:speaker])
+      end
+    end
+  end
+end