1 class MessagesController < ApplicationController
4 before_action :authorize_web
5 before_action :set_locale
6 before_action :require_user
7 before_action :lookup_user, :only => [:new, :create]
8 before_action :check_database_readable
9 before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]
10 before_action :allow_thirdparty_images, :only => [:new, :create, :show]
12 # Allow the user to write a new message to another user. This action also
13 # deals with the sending of that message to the other user when the user
15 # The display_name param is the display name of the user that the message is being sent to.
17 @message = Message.new(message_params.merge(:recipient => @user))
22 @message = Message.new(message_params)
23 @message.recipient = @user
24 @message.sender = current_user
25 @message.sent_on = Time.now.getutc
27 if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
28 flash[:error] = t ".limit_exceeded"
29 render :action => "new"
31 flash[:notice] = t ".message_sent"
32 Notifier.message_notification(@message).deliver_now
33 redirect_to :action => :inbox
35 render :action => "new"
39 # Allow the user to reply to another message.
41 message = Message.find(params[:message_id])
43 if message.recipient == current_user
44 message.update(:message_read => true)
46 @message = Message.new(
47 :recipient => message.sender,
48 :title => "Re: #{message.title.sub(/^Re:\s*/, '')}",
49 :body => "On #{message.sent_on} #{message.sender.display_name} wrote:\n\n#{message.body.gsub(/^/, '> ')}"
52 @title = @message.title
54 render :action => "new"
56 flash[:notice] = t ".wrong_user", :user => current_user.display_name
57 redirect_to :controller => "users", :action => "login", :referer => request.fullpath
59 rescue ActiveRecord::RecordNotFound
60 @title = t "messages.no_such_message.title"
61 render :action => "no_such_message", :status => :not_found
67 @message = Message.find(params[:id])
69 if @message.recipient == current_user || @message.sender == current_user
70 @message.message_read = true if @message.recipient == current_user
73 flash[:notice] = t ".wrong_user", :user => current_user.display_name
74 redirect_to :controller => "users", :action => "login", :referer => request.fullpath
76 rescue ActiveRecord::RecordNotFound
77 @title = t "messages.no_such_message.title"
78 render :action => "no_such_message", :status => :not_found
81 # Display the list of messages that have been sent to the user.
86 # Display the list of messages that the user has sent to other users.
91 # Set the message as being read or unread.
93 @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
94 if params[:mark] == "unread"
96 notice = t ".as_unread"
101 @message.message_read = message_read
102 if @message.save && !request.xhr?
103 flash[:notice] = notice
104 redirect_to :action => :inbox
106 rescue ActiveRecord::RecordNotFound
107 @title = t "messages.no_such_message.title"
108 render :action => "no_such_message", :status => :not_found
111 # Destroy the message.
113 @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id])
114 @message.from_user_visible = false if @message.sender == current_user
115 @message.to_user_visible = false if @message.recipient == current_user
116 if @message.save && !request.xhr?
117 flash[:notice] = t ".destroyed"
120 redirect_to params[:referer]
122 redirect_to :action => :inbox
125 rescue ActiveRecord::RecordNotFound
126 @title = t "messages.no_such_message.title"
127 render :action => "no_such_message", :status => :not_found
133 # return permitted message parameters
135 params.require(:message).permit(:title, :body)
136 rescue ActionController::ParameterMissing
137 ActionController::Parameters.new.permit(:title, :body)