1 class MessagesController < ApplicationController
4 before_action :authorize_web
5 before_action :set_locale
9 before_action :lookup_user, :only => [:new, :create]
10 before_action :check_database_readable
11 before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]
12 before_action :allow_thirdparty_images, :only => [:new, :create, :show]
14 # Allow the user to write a new message to another user. This action also
15 # deals with the sending of that message to the other user when the user
17 # The display_name param is the display name of the user that the message is being sent to.
19 @message = Message.new(message_params.merge(:recipient => @user))
24 @message = Message.new(message_params)
25 @message.recipient = @user
26 @message.sender = current_user
27 @message.sent_on = Time.now.utc
29 if current_user.sent_messages.where("sent_on >= ?", Time.now.utc - 1.hour).count >= current_user.max_messages_per_hour
30 flash.now[:error] = t ".limit_exceeded"
31 render :action => "new"
33 flash[:notice] = t ".message_sent"
34 UserMailer.message_notification(@message).deliver_later
35 redirect_to :action => :inbox
37 @title = t "messages.new.title"
38 render :action => "new"
42 # Allow the user to reply to another message.
44 message = Message.find(params[:message_id])
46 if message.recipient == current_user
47 message.update(:message_read => true)
49 @message = Message.new(
50 :recipient => message.sender,
51 :title => "Re: #{message.title.sub(/^Re:\s*/, '')}",
52 :body => "On #{message.sent_on} #{message.sender.display_name} wrote:\n\n#{message.body.gsub(/^/, '> ')}"
55 @title = @message.title
57 render :action => "new"
59 flash[:notice] = t ".wrong_user", :user => current_user.display_name
60 redirect_to login_path(:referer => request.fullpath)
62 rescue ActiveRecord::RecordNotFound
63 @title = t "messages.no_such_message.title"
64 render :action => "no_such_message", :status => :not_found
70 @message = Message.find(params[:id])
72 if @message.recipient == current_user || @message.sender == current_user
73 @message.message_read = true if @message.recipient == current_user
76 flash[:notice] = t ".wrong_user", :user => current_user.display_name
77 redirect_to login_path(:referer => request.fullpath)
79 rescue ActiveRecord::RecordNotFound
80 @title = t "messages.no_such_message.title"
81 render :action => "no_such_message", :status => :not_found
84 # Display the list of messages that have been sent to the user.
89 # Display the list of messages that the user has sent to other users.
94 # Set the message as being read or unread.
96 @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
97 if params[:mark] == "unread"
99 notice = t ".as_unread"
102 notice = t ".as_read"
104 @message.message_read = message_read
105 if @message.save && !request.xhr?
106 flash[:notice] = notice
107 redirect_to :action => :inbox
109 rescue ActiveRecord::RecordNotFound
110 @title = t "messages.no_such_message.title"
111 render :action => "no_such_message", :status => :not_found
114 # Destroy the message.
116 @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id])
117 @message.from_user_visible = false if @message.sender == current_user
118 @message.to_user_visible = false if @message.recipient == current_user
119 if @message.save && !request.xhr?
120 flash[:notice] = t ".destroyed"
122 referer = safe_referer(params[:referer]) if params[:referer]
124 redirect_to referer || { :action => :inbox }
126 rescue ActiveRecord::RecordNotFound
127 @title = t "messages.no_such_message.title"
128 render :action => "no_such_message", :status => :not_found
134 # return permitted message parameters
136 params.require(:message).permit(:title, :body)
137 rescue ActionController::ParameterMissing
138 ActionController::Parameters.new.permit(:title, :body)