X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/5405dde6ecb426fac26821f65b64773aa3e68c9f..45487e1ff8e7d334792440a2b5b3b1067269bfaf:/app/controllers/messages_controller.rb

diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index cf3995b2b..e801915d6 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -3,7 +3,9 @@ class MessagesController < ApplicationController
 
   before_action :authorize_web
   before_action :set_locale
-  before_action :require_user
+
+  authorize_resource
+
   before_action :lookup_user, :only => [:new, :create]
   before_action :check_database_readable
   before_action :check_database_writable, :only => [:new, :create, :reply, :mark, :destroy]
@@ -22,16 +24,17 @@ class MessagesController < ApplicationController
     @message = Message.new(message_params)
     @message.recipient = @user
     @message.sender = current_user
-    @message.sent_on = Time.now.getutc
+    @message.sent_on = Time.now.utc
 
-    if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
-      flash[:error] = t ".limit_exceeded"
+    if current_user.sent_messages.where("sent_on >= ?", Time.now.utc - 1.hour).count >= current_user.max_messages_per_hour
+      flash.now[:error] = t ".limit_exceeded"
       render :action => "new"
     elsif @message.save
       flash[:notice] = t ".message_sent"
-      Notifier.message_notification(@message).deliver_now
+      UserMailer.message_notification(@message).deliver_later
       redirect_to :action => :inbox
     else
+      @title = t "messages.new.title"
       render :action => "new"
     end
   end
@@ -54,7 +57,7 @@ class MessagesController < ApplicationController
       render :action => "new"
     else
       flash[:notice] = t ".wrong_user", :user => current_user.display_name
-      redirect_to :controller => "user", :action => "login", :referer => request.fullpath
+      redirect_to login_path(:referer => request.fullpath)
     end
   rescue ActiveRecord::RecordNotFound
     @title = t "messages.no_such_message.title"
@@ -71,7 +74,7 @@ class MessagesController < ApplicationController
       @message.save
     else
       flash[:notice] = t ".wrong_user", :user => current_user.display_name
-      redirect_to :controller => "user", :action => "login", :referer => request.fullpath
+      redirect_to login_path(:referer => request.fullpath)
     end
   rescue ActiveRecord::RecordNotFound
     @title = t "messages.no_such_message.title"
@@ -116,8 +119,10 @@ class MessagesController < ApplicationController
     if @message.save && !request.xhr?
       flash[:notice] = t ".destroyed"
 
-      if params[:referer]
-        redirect_to params[:referer]
+      referer = safe_referer(params[:referer]) if params[:referer]
+
+      if referer
+        redirect_to referer
       else
         redirect_to :action => :inbox
       end