discourse/app/controllers/invites_controller.rb

224 lines
6.8 KiB
Ruby
Raw Normal View History

2016-06-06 15:36:59 -04:00
require_dependency 'rate_limiter'
2013-02-05 14:16:51 -05:00
class InvitesController < ApplicationController
# TODO tighten this, why skip check on everything?
skip_before_filter :check_xhr, :preload_json
skip_before_filter :redirect_to_login_if_required
before_filter :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :resend_invite, :resend_all_invites, :check_csv_chunk, :upload_csv_chunk]
before_filter :ensure_new_registrations_allowed, only: [:show, :redeem_disposable_invite]
before_filter :ensure_not_logged_in, only: [:show, :redeem_disposable_invite]
2013-02-05 14:16:51 -05:00
def show
invite = Invite.find_by(invite_key: params[:id])
2013-02-05 14:16:51 -05:00
if invite.present?
user = invite.redeem
2013-02-07 10:45:24 -05:00
if user.present?
2013-02-05 14:16:51 -05:00
log_on_user(user)
# Send a welcome message if required
user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message
topic = invite.topics.first
if topic.present?
redirect_to path("#{topic.relative_url}")
2013-02-05 14:16:51 -05:00
return
end
end
end
redirect_to path("/")
2013-02-05 14:16:51 -05:00
end
def create
params.require(:email)
group_ids = Group.lookup_group_ids(params)
guardian.ensure_can_invite_to_forum!(group_ids)
invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
if invite_exists
guardian.ensure_can_send_multiple_invites!(current_user)
end
begin
if Invite.invite_by_email(params[:email], current_user, _topic=nil, group_ids, params[:custom_message])
render json: success_json
else
render json: failed_json, status: 422
end
rescue => e
render json: {errors: [e.message]}, status: 422
end
end
2015-08-25 21:41:52 -04:00
def create_invite_link
params.require(:email)
group_ids = Group.lookup_group_ids(params)
topic = Topic.find_by(id: params[:topic_id])
2015-08-25 21:41:52 -04:00
guardian.ensure_can_invite_to_forum!(group_ids)
invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
if invite_exists
guardian.ensure_can_send_multiple_invites!(current_user)
end
begin
# generate invite link
if invite_link = Invite.generate_invite_link(params[:email], current_user, topic, group_ids)
render_json_dump(invite_link)
else
render json: failed_json, status: 422
end
rescue => e
render json: {errors: [e.message]}, status: 422
end
2015-08-25 21:41:52 -04:00
end
2014-07-14 11:56:26 -04:00
def create_disposable_invite
guardian.ensure_can_create_disposable_invite!(current_user)
params.permit(:username, :email, :quantity, :group_names)
username_or_email = params[:username] ? fetch_username : fetch_email
user = User.find_by_username_or_email(username_or_email)
# generate invite tokens
invite_tokens = Invite.generate_disposable_tokens(user, params[:quantity], params[:group_names])
render_json_dump(invite_tokens)
end
def redeem_disposable_invite
params.require(:email)
params.permit(:username, :name, :topic)
params[:email] = params[:email].split(' ').join('+')
2014-07-14 11:56:26 -04:00
invite = Invite.find_by(invite_key: params[:token])
if invite.present?
user = Invite.redeem_from_token(params[:token], params[:email], params[:username], params[:name], params[:topic].to_i)
2014-07-14 11:56:26 -04:00
if user.present?
log_on_user(user)
# Send a welcome message if required
user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message
topic = invite.topics.first
if topic.present?
redirect_to path("#{topic.relative_url}")
return
end
2014-07-14 11:56:26 -04:00
end
end
redirect_to path("/")
2014-07-14 11:56:26 -04:00
end
2013-02-05 14:16:51 -05:00
def destroy
params.require(:email)
2013-02-05 14:16:51 -05:00
invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
2013-02-05 14:16:51 -05:00
raise Discourse::InvalidParameters.new(:email) if invite.blank?
2013-07-09 15:20:18 -04:00
invite.trash!(current_user)
2013-02-05 14:16:51 -05:00
render nothing: true
end
2014-10-06 14:48:56 -04:00
def resend_invite
params.require(:email)
2016-06-06 15:36:59 -04:00
RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed!
2014-10-06 14:48:56 -04:00
invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
raise Discourse::InvalidParameters.new(:email) if invite.blank?
invite.resend_invite
render nothing: true
2016-06-06 15:36:59 -04:00
rescue RateLimiter::LimitExceeded
render_json_error(I18n.t("rate_limiter.slow_down"))
2014-10-06 14:48:56 -04:00
end
def resend_all_invites
guardian.ensure_can_invite_to_forum!
2016-06-06 15:36:59 -04:00
RateLimiter.new(current_user, "resend-all-invites-per-day", 1, 1.day).performed!
Invite.resend_all_invites_from(current_user.id)
render nothing: true
2016-06-06 15:36:59 -04:00
rescue RateLimiter::LimitExceeded
render_json_error(I18n.t("rate_limiter.slow_down"))
end
2014-05-27 16:14:37 -04:00
def check_csv_chunk
guardian.ensure_can_bulk_invite_to_forum!(current_user)
filename = params.fetch(:resumableFilename)
identifier = params.fetch(:resumableIdentifier)
chunk_number = params.fetch(:resumableChunkNumber)
current_chunk_size = params.fetch(:resumableCurrentChunkSize).to_i
# path to chunk file
chunk = Invite.chunk_path(identifier, filename, chunk_number)
# check chunk upload status
status = HandleChunkUpload.check_chunk(chunk, current_chunk_size: current_chunk_size)
render nothing: true, status: status
end
def upload_csv_chunk
guardian.ensure_can_bulk_invite_to_forum!(current_user)
filename = params.fetch(:resumableFilename)
return render status: 415, text: I18n.t("bulk_invite.file_should_be_csv") unless (filename.to_s.end_with?(".csv") || filename.to_s.end_with?(".txt"))
2014-05-27 16:14:37 -04:00
file = params.fetch(:file)
identifier = params.fetch(:resumableIdentifier)
chunk_number = params.fetch(:resumableChunkNumber).to_i
chunk_size = params.fetch(:resumableChunkSize).to_i
total_size = params.fetch(:resumableTotalSize).to_i
current_chunk_size = params.fetch(:resumableCurrentChunkSize).to_i
# path to chunk file
chunk = Invite.chunk_path(identifier, filename, chunk_number)
# upload chunk
HandleChunkUpload.upload_chunk(chunk, file: file)
uploaded_file_size = chunk_number * chunk_size
# when all chunks are uploaded
if uploaded_file_size + current_chunk_size >= total_size
# handle bulk_invite processing in a background thread
Jobs.enqueue(:bulk_invite, filename: filename, identifier: identifier, chunks: chunk_number, current_user_id: current_user.id)
end
render nothing: true
end
2014-07-14 11:56:26 -04:00
def fetch_username
params.require(:username)
params[:username]
end
def fetch_email
params.require(:email)
params[:email]
end
def ensure_new_registrations_allowed
unless SiteSetting.allow_new_registrations
flash[:error] = I18n.t('login.new_registrations_disabled')
render layout: 'no_ember'
false
end
end
def ensure_not_logged_in
if current_user
flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)
render layout: 'no_ember'
false
end
end
2013-02-05 14:16:51 -05:00
end