]> git.openstreetmap.org Git - rails.git/blob - app/controllers/friendships_controller.rb
Add rate limiting to user friendships
[rails.git] / app / controllers / friendships_controller.rb
1 class FriendshipsController < ApplicationController
2   layout "site"
3
4   before_action :authorize_web
5   before_action :set_locale
6   before_action :check_database_readable
7
8   authorize_resource
9
10   before_action :check_database_writable, :only => [:make_friend, :remove_friend]
11
12   def make_friend
13     @new_friend = User.find_by(:display_name => params[:display_name])
14
15     if @new_friend
16       if request.post?
17         friendship = Friendship.new
18         friendship.befriender = current_user
19         friendship.befriendee = @new_friend
20         if current_user.is_friends_with?(@new_friend)
21           flash[:warning] = t "friendships.make_friend.already_a_friend", :name => @new_friend.display_name
22         elsif current_user.friendships.where("created_at >= ?", Time.now.getutc - 1.hour).count >= current_user.max_friends_per_hour
23           flash.now[:error] = t "friendships.make_friend.limit_exceeded"
24         elsif friendship.save
25           flash[:notice] = t "friendships.make_friend.success", :name => @new_friend.display_name
26           UserMailer.friendship_notification(friendship).deliver_later
27         else
28           friendship.add_error(t("friendships.make_friend.failed", :name => @new_friend.display_name))
29         end
30
31         if params[:referer]
32           redirect_to safe_referer(params[:referer])
33         else
34           redirect_to user_path
35         end
36       end
37     else
38       render_unknown_user params[:display_name]
39     end
40   end
41
42   def remove_friend
43     @friend = User.find_by(:display_name => params[:display_name])
44
45     if @friend
46       if request.post?
47         if current_user.is_friends_with?(@friend)
48           Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
49           flash[:notice] = t "friendships.remove_friend.success", :name => @friend.display_name
50         else
51           flash[:error] = t "friendships.remove_friend.not_a_friend", :name => @friend.display_name
52         end
53
54         if params[:referer]
55           redirect_to safe_referer(params[:referer])
56         else
57           redirect_to user_path
58         end
59       end
60     else
61       render_unknown_user params[:display_name]
62     end
63   end
64 end