X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/8ebfdbc1ffacee695ca773f3b3c8af02bb41b8c1..7e5cbe87ed37f9cba8224fa4049047d7f981f66a:/app/controllers/friendships_controller.rb?ds=sidebyside

diff --git a/app/controllers/friendships_controller.rb b/app/controllers/friendships_controller.rb
index 034173e61..5bfce7f0b 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -17,20 +17,20 @@ class FriendshipsController < ApplicationController
         friendship = Friendship.new
         friendship.befriender = current_user
         friendship.befriendee = @new_friend
-        if current_user.is_friends_with?(@new_friend)
+        if current_user.friends_with?(@new_friend)
           flash[:warning] = t "friendships.make_friend.already_a_friend", :name => @new_friend.display_name
+        elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
+          flash.now[:error] = t "friendships.make_friend.limit_exceeded"
         elsif friendship.save
           flash[:notice] = t "friendships.make_friend.success", :name => @new_friend.display_name
-          Notifier.friend_notification(friendship).deliver_later
+          UserMailer.friendship_notification(friendship).deliver_later
         else
           friendship.add_error(t("friendships.make_friend.failed", :name => @new_friend.display_name))
         end
 
-        if params[:referer]
-          redirect_to params[:referer]
-        else
-          redirect_to user_path
-        end
+        referer = safe_referer(params[:referer]) if params[:referer]
+
+        redirect_to referer || user_path
       end
     else
       render_unknown_user params[:display_name]
@@ -42,18 +42,16 @@ class FriendshipsController < ApplicationController
 
     if @friend
       if request.post?
-        if current_user.is_friends_with?(@friend)
+        if current_user.friends_with?(@friend)
           Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
           flash[:notice] = t "friendships.remove_friend.success", :name => @friend.display_name
         else
           flash[:error] = t "friendships.remove_friend.not_a_friend", :name => @friend.display_name
         end
 
-        if params[:referer]
-          redirect_to params[:referer]
-        else
-          redirect_to user_path
-        end
+        referer = safe_referer(params[:referer]) if params[:referer]
+
+        redirect_to referer || user_path
       end
     else
       render_unknown_user params[:display_name]