Prevent API tokens without write_notes creating attributed comments
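--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -10,53 +10,52 @@ class FriendshipsController < ApplicationController
   authorize_resource
 
   before_action :check_database_writable, :only => [:make_friend, :remove_friend]
+  before_action :lookup_friend, :only => [:make_friend, :remove_friend]
 
   def make_friend
-    @new_friend = User.find_by(:display_name => params[:display_name])
-
-    if @new_friend
-      if request.post?
-        friendship = Friendship.new
-        friendship.befriender = current_user
-        friendship.befriendee = @new_friend
-        if current_user.friends_with?(@new_friend)
-          flash[:warning] = t ".already_a_friend", :name => @new_friend.display_name
-        elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
-          flash.now[:error] = t ".limit_exceeded"
-        elsif friendship.save
-          flash[:notice] = t ".success", :name => @new_friend.display_name
-          UserMailer.friendship_notification(friendship).deliver_later
-        else
-          friendship.add_error(t(".failed", :name => @new_friend.display_name))
-        end
-
-        referer = safe_referer(params[:referer]) if params[:referer]
-
-        redirect_to referer || user_path
+    if request.post?
+      friendship = Friendship.new
+      friendship.befriender = current_user
+      friendship.befriendee = @friend
+      if current_user.friends_with?(@friend)
+        flash[:warning] = t ".already_a_friend", :name => @friend.display_name
+      elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
+        flash.now[:error] = t ".limit_exceeded"
+      elsif friendship.save
+        flash[:notice] = t ".success", :name => @friend.display_name
+        UserMailer.friendship_notification(friendship).deliver_later
+      else
+        friendship.add_error(t(".failed", :name => @friend.display_name))
       end
-    else
-      render_unknown_user params[:display_name]
+
+      referer = safe_referer(params[:referer]) if params[:referer]
+
+      redirect_to referer || user_path
     end
   end
 
   def remove_friend
-    @friend = User.find_by(:display_name => params[:display_name])
-
-    if @friend
-      if request.post?
-        if current_user.friends_with?(@friend)
-          Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
-          flash[:notice] = t ".success", :name => @friend.display_name
-        else
-          flash[:error] = t ".not_a_friend", :name => @friend.display_name
-        end
+    if request.post?
+      if current_user.friends_with?(@friend)
+        Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
+        flash[:notice] = t ".success", :name => @friend.display_name
+      else
+        flash[:error] = t ".not_a_friend", :name => @friend.display_name
+      end
 
-        referer = safe_referer(params[:referer]) if params[:referer]
+      referer = safe_referer(params[:referer]) if params[:referer]
 
-        redirect_to referer || user_path
-      end
-    else
-      render_unknown_user params[:display_name]
+      redirect_to referer || user_path
     end
   end
+
+  private
+
+  ##
+  # ensure that there is a "friend" instance variable
+  def lookup_friend
+    @friend = User.active.find_by!(:display_name => params[:display_name])
+  rescue ActiveRecord::RecordNotFound
+    render_unknown_user params[:display_name]
+  end
 end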
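Review bot: In the new `lookup_friend`, the method-level `rescue ActiveRecord::RecordNotFound` routes the expected "no such user" case through an exception raised by `find_by!`, where a plain lookup with a guard is equivalent and avoids the raise: `@friend = User.active.find_by(:display_name => params[:display_name])` followed by `render_unknown_user params[:display_name] unless @friend`. The lookup also moves from `User.find_by` to `User.active.find_by!`, so inactive users now get the unknown-user response in both `make_friend` and `remove_friend`; that narrowing is not mentioned in the header comment, which could read `# Load the active user named by params[:display_name] into @friend; renders the unknown-user page (halting the action) when no such active user exists.` Both actions now assume `@friend` is set, which relies on the filter chain halting after `render_unknown_user` renders from the before_action — standard Rails behaviour, but worth a test that a non-existent or inactive display name never reaches the POST branches. The class body and the other before_action declarations begin above the hunk.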