X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/4df0fe72e28246f81573b98fbf30f13fee16a6b6..9b39577f4646f3624cf24aaa04b06b6f053c3270:/app/controllers/messages_controller.rb diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index d14605692..22d0c88ba 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -3,38 +3,73 @@ class MessagesController < ApplicationController before_action :authorize_web before_action :set_locale - before_action :require_user - before_action :lookup_user, :only => [:new] + + authorize_resource + + before_action :lookup_user, :only => [:new, :create] before_action :check_database_readable - before_action :check_database_writable, :only => [:new, :reply, :mark, :destroy] - before_action :allow_thirdparty_images, :only => [:new, :show] + before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy] + before_action :allow_thirdparty_images, :only => [:new, :create, :show] - # Allow the user to write a new message to another user. This action also - # deals with the sending of that message to the other user when the user - # clicks send. - # The display_name param is the display name of the user that the message is being sent to. - def new - if request.post? - if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR - flash[:error] = t ".limit_exceeded" - else - @message = Message.new(message_params) - @message.recipient = @user - @message.sender = current_user - @message.sent_on = Time.now.getutc - - if @message.save - flash[:notice] = t ".message_sent" - Notifier.message_notification(@message).deliver_now - redirect_to :action => :inbox - end - end + # Show a message + def show + @title = t ".title" + @message = Message.find(params[:id]) + + if @message.recipient == current_user || @message.sender == current_user + @message.message_read = true if @message.recipient == current_user + @message.save + else + flash[:notice] = t ".wrong_user", :user => current_user.display_name + redirect_to login_path(:referer => request.fullpath) end + rescue ActiveRecord::RecordNotFound + @title = t "messages.no_such_message.title" + render :action => "no_such_message", :status => :not_found + end - @message ||= Message.new(message_params.merge(:recipient => @user)) + # Allow the user to write a new message to another user. + def new + @message = Message.new(message_params.merge(:recipient => @user)) @title = t ".title" end + def create + @message = Message.new(message_params) + @message.recipient = @user + @message.sender = current_user + @message.sent_on = Time.now.utc + + if current_user.sent_messages.where("sent_on >= ?", Time.now.utc - 1.hour).count >= current_user.max_messages_per_hour + flash.now[:error] = t ".limit_exceeded" + render :action => "new" + elsif @message.save + flash[:notice] = t ".message_sent" + UserMailer.message_notification(@message).deliver_later + redirect_to :action => :inbox + else + @title = t "messages.new.title" + render :action => "new" + end + end + + # Destroy the message. + def destroy + @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id]) + @message.from_user_visible = false if @message.sender == current_user + @message.to_user_visible = false if @message.recipient == current_user + if @message.save && !request.xhr? + flash[:notice] = t ".destroyed" + + referer = safe_referer(params[:referer]) if params[:referer] + + redirect_to referer || { :action => :inbox } + end + rescue ActiveRecord::RecordNotFound + @title = t "messages.no_such_message.title" + render :action => "no_such_message", :status => :not_found + end + # Allow the user to reply to another message. def reply message = Message.find(params[:message_id]) @@ -53,24 +88,7 @@ class MessagesController < ApplicationController render :action => "new" else flash[:notice] = t ".wrong_user", :user => current_user.display_name - redirect_to :controller => "user", :action => "login", :referer => request.fullpath - end - rescue ActiveRecord::RecordNotFound - @title = t "messages.no_such_message.title" - render :action => "no_such_message", :status => :not_found - end - - # Show a message - def show - @title = t ".title" - @message = Message.find(params[:id]) - - if @message.recipient == current_user || @message.sender == current_user - @message.message_read = true if @message.recipient == current_user - @message.save - else - flash[:notice] = t ".wrong_user", :user => current_user.display_name - redirect_to :controller => "user", :action => "login", :referer => request.fullpath + redirect_to login_path(:referer => request.fullpath) end rescue ActiveRecord::RecordNotFound @title = t "messages.no_such_message.title" @@ -107,25 +125,6 @@ class MessagesController < ApplicationController render :action => "no_such_message", :status => :not_found end - # Destroy the message. - def destroy - @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id]) - @message.from_user_visible = false if @message.sender == current_user - @message.to_user_visible = false if @message.recipient == current_user - if @message.save && !request.xhr? - flash[:notice] = t ".destroyed" - - if params[:referer] - redirect_to params[:referer] - else - redirect_to :action => :inbox - end - end - rescue ActiveRecord::RecordNotFound - @title = t "messages.no_such_message.title" - render :action => "no_such_message", :status => :not_found - end - private ##