X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3ec67ea2d395f9ae78f806f8e583e10d691861de..979528786c2d14d16bb1ffe37843e6c674d49fb4:/app/controllers/messages_controller.rb diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index cebf5d95b..dea5c3b07 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -3,7 +3,9 @@ class MessagesController < ApplicationController before_action :authorize_web before_action :set_locale - before_action :require_user + + authorize_resource + before_action :lookup_user, :only => [:new, :create] before_action :check_database_readable before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy] @@ -24,14 +26,15 @@ class MessagesController < ApplicationController @message.sender = current_user @message.sent_on = Time.now.getutc - if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR - flash[:error] = t ".limit_exceeded" + if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= Settings.max_messages_per_hour + flash.now[:error] = t ".limit_exceeded" render :action => "new" elsif @message.save flash[:notice] = t ".message_sent" - Notifier.message_notification(@message).deliver_now + UserMailer.message_notification(@message).deliver_later redirect_to :action => :inbox else + @title = t "messages.new.title" render :action => "new" end end @@ -54,7 +57,7 @@ class MessagesController < ApplicationController render :action => "new" else flash[:notice] = t ".wrong_user", :user => current_user.display_name - redirect_to :controller => "users", :action => "login", :referer => request.fullpath + redirect_to login_path(:referer => request.fullpath) end rescue ActiveRecord::RecordNotFound @title = t "messages.no_such_message.title" @@ -71,7 +74,7 @@ class MessagesController < ApplicationController @message.save else flash[:notice] = t ".wrong_user", :user => current_user.display_name - redirect_to :controller => "users", :action => "login", :referer => request.fullpath + redirect_to login_path(:referer => request.fullpath) end rescue ActiveRecord::RecordNotFound @title = t "messages.no_such_message.title" @@ -110,14 +113,14 @@ class MessagesController < ApplicationController # Destroy the message. def destroy - @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id]) + @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id]) @message.from_user_visible = false if @message.sender == current_user @message.to_user_visible = false if @message.recipient == current_user if @message.save && !request.xhr? flash[:notice] = t ".destroyed" if params[:referer] - redirect_to params[:referer] + redirect_to safe_referer(params[:referer]) else redirect_to :action => :inbox end