From d6ec3bbc60fad0332abb9ea1325c408b45f098f9 Mon Sep 17 00:00:00 2001
From: Anton Khorev
Date: Mon, 21 Aug 2023 02:17:36 +0300
Subject: [PATCH] Lookup friend user before make/remove friend action
---
 app/controllers/friendships_controller.rb | 75 +++++++++++------------
 app/views/friendships/make_friend.html.erb | 2 +-
 2 files changed, 38 insertions(+), 39 deletions(-)
diff --git a/app/controllers/friendships_controller.rb b/app/controllers/friendships_controller.rb
index 4d1161147..3ca24d34b 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -8,53 +8,52 @@ class FriendshipsController < ApplicationController
 authorize_resource
 before_action :check_database_writable, :only => [:make_friend, :remove_friend]
+ before_action :lookup_friend, :only => [:make_friend, :remove_friend]
 def make_friend
- @new_friend = User.find_by(:display_name => params[:display_name])
-
- if @new_friend
- if request.post?
- friendship = Friendship.new
- friendship.befriender = current_user
- friendship.befriendee = @new_friend
- if current_user.friends_with?(@new_friend)
- flash[:warning] = t ".already_a_friend", :name => @new_friend.display_name
- elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
- flash.now[:error] = t ".limit_exceeded"
- elsif friendship.save
- flash[:notice] = t ".success", :name => @new_friend.display_name
- UserMailer.friendship_notification(friendship).deliver_later
- else
- friendship.add_error(t(".failed", :name => @new_friend.display_name))
- end
-
- referer = safe_referer(params[:referer]) if params[:referer]
-
- redirect_to referer || user_path
+ if request.post?
+ friendship = Friendship.new
+ friendship.befriender = current_user
+ friendship.befriendee = @friend
+ if current_user.friends_with?(@friend)
+ flash[:warning] = t ".already_a_friend", :name => @friend.display_name
+ elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
+ flash.now[:error] = t ".limit_exceeded"
+ elsif friendship.save
+ flash[:notice] = t ".success", :name => @friend.display_name
+ UserMailer.friendship_notification(friendship).deliver_later
+ else
+ friendship.add_error(t(".failed", :name => @friend.display_name))
 end
- else
- render_unknown_user params[:display_name]
+
+ referer = safe_referer(params[:referer]) if params[:referer]
+
+ redirect_to referer || user_path
 end
 end
 def remove_friend
- @friend = User.find_by(:display_name => params[:display_name])
-
- if @friend
- if request.post?
- if current_user.friends_with?(@friend)
- Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
- flash[:notice] = t ".success", :name => @friend.display_name
- else
- flash[:error] = t ".not_a_friend", :name => @friend.display_name
- end
+ if request.post?
+ if current_user.friends_with?(@friend)
+ Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
+ flash[:notice] = t ".success", :name => @friend.display_name
+ else
+ flash[:error] = t ".not_a_friend", :name => @friend.display_name
+ end
- referer = safe_referer(params[:referer]) if params[:referer]
+ referer = safe_referer(params[:referer]) if params[:referer]
- redirect_to referer || user_path
- end
- else
- render_unknown_user params[:display_name]
+ redirect_to referer || user_path
 end
 end
+
+ private
+
+ ##
+ # ensure that there is a "friend" instance variable
+ def lookup_friend
+ @friend = User.active.find_by!(:display_name => params[:display_name])
+ rescue ActiveRecord::RecordNotFound
+ render_unknown_user params[:display_name]
+ end
 end
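Review bot: `lookup_friend` at the end of this hunk looks the user up through `User.active`, whereas both removed lookups used plain `User.find_by`, and the commit message does not mention this narrowing. For `remove_friend` this probably means an existing friendship with an account that has since dropped out of the active scope can no longer be removed through this action, because the filter renders the unknown-user page before the action body runs; the scope's definition is outside the diff, so this should be confirmed. If only new friendships are meant to be limited to active users, choose the scope per action, e.g. `scope = action_name == "remove_friend" ? User : User.active` followed by `@friend = scope.find_by!(:display_name => params[:display_name])`. Separately, `flash.now[:error] = t ".limit_exceeded"` is carried over unchanged and is followed by `redirect_to`, so the rate-limit message is probably never displayed; `flash[:error]` would survive the redirect.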
diff --git a/app/views/friendships/make_friend.html.erb b/app/views/friendships/make_friend.html.erb
index 3dcdd6d64..f5c2b9c0c 100644
--- a/app/views/friendships/make_friend.html.erb
+++ b/app/views/friendships/make_friend.html.erb
@@ -1,5 +1,5 @@
 <% content_for :heading do %>
-

<%= t ".heading", :user => @new_friend.display_name %>

+

<%= t ".heading", :user => @friend.display_name %>

<% end %> <%= bootstrap_form_tag do |f| %> -- 2.39.5