before_action :authorize_web
before_action :set_locale
- before_action :require_user
- before_action :lookup_user, :only => [:new]
+
+ authorize_resource
+
+ before_action :lookup_user, :only => [:new, :create]
before_action :check_database_readable
- before_action :check_database_writable, :only => [:new, :reply, :mark]
- before_action :allow_thirdparty_images, :only => [:new, :read]
+ before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]
+ before_action :allow_thirdparty_images, :only => [:new, :create, :show]
- # Allow the user to write a new message to another user. This action also
- # deals with the sending of that message to the other user when the user
- # clicks send.
- # The display_name param is the display name of the user that the message is being sent to.
- def new
- if request.post?
- if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
- flash[:error] = t ".limit_exceeded"
- else
- @message = Message.new(message_params)
- @message.recipient = @user
- @message.sender = current_user
- @message.sent_on = Time.now.getutc
-
- if @message.save
- flash[:notice] = t ".message_sent"
- Notifier.message_notification(@message).deliver_now
- redirect_to :action => "inbox", :display_name => current_user.display_name
- end
- end
+ # Show a message
+ def show
+ @title = t ".title"
+ @message = Message.find(params[:id])
+
+ if @message.recipient == current_user || @message.sender == current_user
+ @message.message_read = true if @message.recipient == current_user
+ @message.save
+ else
+ flash[:notice] = t ".wrong_user", :user => current_user.display_name
+ redirect_to login_path(:referer => request.fullpath)
end
+ rescue ActiveRecord::RecordNotFound
+ @title = t "messages.no_such_message.title"
+ render :action => "no_such_message", :status => :not_found
+ end
- @message ||= Message.new(message_params.merge(:recipient => @user))
+ # Allow the user to write a new message to another user.
+ def new
+ @message = Message.new(message_params.merge(:recipient => @user))
@title = t ".title"
end
+ def create
+ @message = Message.new(message_params)
+ @message.recipient = @user
+ @message.sender = current_user
+ @message.sent_on = Time.now.utc
+
+ if current_user.sent_messages.where("sent_on >= ?", Time.now.utc - 1.hour).count >= current_user.max_messages_per_hour
+ flash.now[:error] = t ".limit_exceeded"
+ render :action => "new"
+ elsif @message.save
+ flash[:notice] = t ".message_sent"
+ UserMailer.message_notification(@message).deliver_later
+ redirect_to :action => :inbox
+ else
+ @title = t "messages.new.title"
+ render :action => "new"
+ end
+ end
+
+ # Destroy the message.
+ def destroy
+ @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:id])
+ @message.from_user_visible = false if @message.sender == current_user
+ @message.to_user_visible = false if @message.recipient == current_user
+ if @message.save && !request.xhr?
+ flash[:notice] = t ".destroyed"
+
+ referer = safe_referer(params[:referer]) if params[:referer]
+
+ redirect_to referer || { :action => :inbox }
+ end
+ rescue ActiveRecord::RecordNotFound
+ @title = t "messages.no_such_message.title"
+ render :action => "no_such_message", :status => :not_found
+ end
+
# Allow the user to reply to another message.
def reply
message = Message.find(params[:message_id])
render :action => "new"
else
flash[:notice] = t ".wrong_user", :user => current_user.display_name
- redirect_to :controller => "user", :action => "login", :referer => request.fullpath
- end
- rescue ActiveRecord::RecordNotFound
- @title = t "message.no_such_message.title"
- render :action => "no_such_message", :status => :not_found
- end
-
- # Show a message
- def read
- @title = t ".title"
- @message = Message.find(params[:message_id])
-
- if @message.recipient == current_user || @message.sender == current_user
- @message.message_read = true if @message.recipient == current_user
- @message.save
- else
- flash[:notice] = t ".wrong_user", :user => current_user.display_name
- redirect_to :controller => "user", :action => "login", :referer => request.fullpath
+ redirect_to login_path(:referer => request.fullpath)
end
rescue ActiveRecord::RecordNotFound
- @title = t "message.no_such_message.title"
+ @title = t "messages.no_such_message.title"
render :action => "no_such_message", :status => :not_found
end
# Display the list of messages that have been sent to the user.
def inbox
@title = t ".title"
- if current_user && params[:display_name] == current_user.display_name
- else
- redirect_to :action => "inbox", :display_name => current_user.display_name
- end
end
# Display the list of messages that the user has sent to other users.
def outbox
@title = t ".title"
- if current_user && params[:display_name] == current_user.display_name
- else
- redirect_to :action => "outbox", :display_name => current_user.display_name
- end
end
# Set the message as being read or unread.
@message.message_read = message_read
if @message.save && !request.xhr?
flash[:notice] = notice
- redirect_to :action => "inbox", :display_name => current_user.display_name
- end
- rescue ActiveRecord::RecordNotFound
- @title = t "message.no_such_message.title"
- render :action => "no_such_message", :status => :not_found
- end
-
- # Destroy the message.
- def destroy
- @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
- @message.from_user_visible = false if @message.sender == current_user
- @message.to_user_visible = false if @message.recipient == current_user
- if @message.save && !request.xhr?
- flash[:notice] = t ".destroyed"
-
- if params[:referer]
- redirect_to params[:referer]
- else
- redirect_to :action => "inbox", :display_name => current_user.display_name
- end
+ redirect_to :action => :inbox
end
rescue ActiveRecord::RecordNotFound
- @title = t "message.no_such_message.title"
+ @title = t "messages.no_such_message.title"
render :action => "no_such_message", :status => :not_found
end