before_action :authorize_web
before_action :set_locale
- before_action :require_user
+
+ authorize_resource
+
before_action :lookup_user, :only => [:new, :create]
before_action :check_database_readable
before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]
@message = Message.new(message_params)
@message.recipient = @user
@message.sender = current_user
- @message.sent_on = Time.now.getutc
+ @message.sent_on = Time.now.utc
- if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
- flash[:error] = t ".limit_exceeded"
+ if current_user.sent_messages.where("sent_on >= ?", Time.now.utc - 1.hour).count >= current_user.max_messages_per_hour
+ flash.now[:error] = t ".limit_exceeded"
render :action => "new"
elsif @message.save
flash[:notice] = t ".message_sent"
- Notifier.message_notification(@message).deliver_now
+ UserMailer.message_notification(@message).deliver_later
redirect_to :action => :inbox
else
+ @title = t "messages.new.title"
render :action => "new"
end
end
render :action => "new"
else
flash[:notice] = t ".wrong_user", :user => current_user.display_name
- redirect_to :controller => "user", :action => "login", :referer => request.fullpath
+ redirect_to login_path(:referer => request.fullpath)
end
rescue ActiveRecord::RecordNotFound
@title = t "messages.no_such_message.title"
@message.save
else
flash[:notice] = t ".wrong_user", :user => current_user.display_name
- redirect_to :controller => "user", :action => "login", :referer => request.fullpath
+ redirect_to login_path(:referer => request.fullpath)
end
rescue ActiveRecord::RecordNotFound
@title = t "messages.no_such_message.title"
# Destroy the message.
def destroy
- @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
+ @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id])
@message.from_user_visible = false if @message.sender == current_user
@message.to_user_visible = false if @message.recipient == current_user
if @message.save && !request.xhr?
flash[:notice] = t ".destroyed"
- if params[:referer]
- redirect_to params[:referer]
+ referer = safe_referer(params[:referer]) if params[:referer]
+
+ if referer
+ redirect_to referer
else
redirect_to :action => :inbox
end