X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/02eeefbe0ff7d5d60d6a7133942f5792d2aabb15..6648d3a2a6202566099423472665d3072eb02ae9:/app/controllers/message_controller.rb?ds=inline diff --git a/app/controllers/message_controller.rb b/app/controllers/message_controller.rb index 97e892156..3952b67ca 100644 --- a/app/controllers/message_controller.rb +++ b/app/controllers/message_controller.rb @@ -7,30 +7,31 @@ class MessageController < ApplicationController before_action :lookup_this_user, :only => [:new] before_action :check_database_readable before_action :check_database_writable, :only => [:new, :reply, :mark] + before_action :allow_thirdparty_images, :only => [:new, :read] # Allow the user to write a new message to another user. This action also # deals with the sending of that message to the other user when the user # clicks send. # The display_name param is the display name of the user that the message is being sent to. def new - if params[:message] - if @user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR + if request.post? + if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR flash[:error] = t "message.new.limit_exceeded" else @message = Message.new(message_params) - @message.to_user_id = @this_user.id - @message.from_user_id = @user.id + @message.recipient = @this_user + @message.sender = current_user @message.sent_on = Time.now.getutc if @message.save flash[:notice] = t "message.new.message_sent" Notifier.message_notification(@message).deliver_now - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end end end - @message ||= Message.new(:recipient => @this_user) + @message ||= Message.new(message_params.merge(:recipient => @this_user)) @title = t "message.new.title" end @@ -38,8 +39,8 @@ class MessageController < ApplicationController def reply message = Message.find(params[:message_id]) - if message.to_user_id == @user.id - message.update_attribute(:message_read, true) + if message.recipient == current_user + message.update(:message_read => true) @message = Message.new( :recipient => message.sender, @@ -51,7 +52,7 @@ class MessageController < ApplicationController render :action => "new" else - flash[:notice] = t "message.reply.wrong_user", :user => @user.display_name + flash[:notice] = t "message.reply.wrong_user", :user => current_user.display_name redirect_to :controller => "user", :action => "login", :referer => request.fullpath end rescue ActiveRecord::RecordNotFound @@ -64,11 +65,11 @@ class MessageController < ApplicationController @title = t "message.read.title" @message = Message.find(params[:message_id]) - if @message.to_user_id == @user.id || @message.from_user_id == @user.id - @message.message_read = true if @message.to_user_id == @user.id + if @message.recipient == current_user || @message.sender == current_user + @message.message_read = true if @message.recipient == current_user @message.save else - flash[:notice] = t "message.read.wrong_user", :user => @user.display_name + flash[:notice] = t "message.read.wrong_user", :user => current_user.display_name redirect_to :controller => "user", :action => "login", :referer => request.fullpath end rescue ActiveRecord::RecordNotFound @@ -79,24 +80,24 @@ class MessageController < ApplicationController # Display the list of messages that have been sent to the user. def inbox @title = t "message.inbox.title" - if @user && params[:display_name] == @user.display_name + if current_user && params[:display_name] == current_user.display_name else - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end end # Display the list of messages that the user has sent to other users. def outbox @title = t "message.outbox.title" - if @user && params[:display_name] == @user.display_name + if current_user && params[:display_name] == current_user.display_name else - redirect_to :action => "outbox", :display_name => @user.display_name + redirect_to :action => "outbox", :display_name => current_user.display_name end end # Set the message as being read or unread. def mark - @message = Message.where("to_user_id = ? OR from_user_id = ?", @user.id, @user.id).find(params[:message_id]) + @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id]) if params[:mark] == "unread" message_read = false notice = t "message.mark.as_unread" @@ -107,7 +108,7 @@ class MessageController < ApplicationController @message.message_read = message_read if @message.save && !request.xhr? flash[:notice] = notice - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end rescue ActiveRecord::RecordNotFound @title = t "message.no_such_message.title" @@ -116,16 +117,16 @@ class MessageController < ApplicationController # Delete the message. def delete - @message = Message.where("to_user_id = ? OR from_user_id = ?", @user.id, @user.id).find(params[:message_id]) - @message.from_user_visible = false if @message.sender == @user - @message.to_user_visible = false if @message.recipient == @user + @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id]) + @message.from_user_visible = false if @message.sender == current_user + @message.to_user_visible = false if @message.recipient == current_user if @message.save && !request.xhr? flash[:notice] = t "message.delete.deleted" if params[:referer] redirect_to params[:referer] else - redirect_to :action => "inbox", :display_name => @user.display_name + redirect_to :action => "inbox", :display_name => current_user.display_name end end rescue ActiveRecord::RecordNotFound @@ -139,5 +140,7 @@ class MessageController < ApplicationController # return permitted message parameters def message_params params.require(:message).permit(:title, :body) + rescue ActionController::ParameterMissing + ActionController::Parameters.new.permit(:title, :body) end end