Add rate limiting to user friendships
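index 034173e61ea222201676e8ad1348294ce9a8879a..5cdb2a4e4323ea11645383bea4ebf94edeb2561b 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -19,15 +19,17 @@ class FriendshipsController < ApplicationController
         friendship.befriendee = @new_friend
         if current_user.is_friends_with?(@new_friend)
           flash[:warning] = t "friendships.make_friend.already_a_friend", :name => @new_friend.display_name
+        elsif current_user.friendships.where("created_at >= ?", Time.now.getutc - 1.hour).count >= current_user.max_friends_per_hour
+          flash.now[:error] = t "friendships.make_friend.limit_exceeded"
         elsif friendship.save
           flash[:notice] = t "friendships.make_friend.success", :name => @new_friend.display_name
-          Notifier.friend_notification(friendship).deliver_later
+          UserMailer.friendship_notification(friendship).deliver_later
         else
           friendship.add_error(t("friendships.make_friend.failed", :name => @new_friend.display_name))
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end
@@ -50,7 +52,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end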
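Review bot: The new rate-limit branch in the first hunk stores its message with `flash.now[:error]`, but every path of this action then ends in a `redirect_to` (the referer/user_path branch just below), and a `flash.now` value is discarded with the current request, so the limit_exceeded message is never shown to the user after the redirect. The sibling branches use the persistent form, and this one should match: `flash[:error] = t "friendships.make_friend.limit_exceeded"`. The limit itself is evaluated before `friendship.save`, which is the right order, so the only behavioural gap is the lost feedback. `Time.now.getutc - 1.hour` is equivalent to the more conventional `Time.now.utc - 1.hour`; changing it is optional. The enclosing action starts before this hunk, so I cannot see whether the limit check also guards any other creation path.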