Merge pull request #4193 from AntonKhorev/lookup-friend

Lookup friend user before make/remove friend action

app/controllers/friendships_controller.rb

@@ -10,53 +10,52 @@ class FriendshipsController < ApplicationController
   authorize_resource
 
   before_action :check_database_writable, :only => [:make_friend, :remove_friend]
+  before_action :lookup_friend, :only => [:make_friend, :remove_friend]
 
   def make_friend
-    @new_friend = User.find_by(:display_name => params[:display_name])
+    if request.post?
-
+      friendship = Friendship.new
-    if @new_friend
+      friendship.befriender = current_user
-      if request.post?
+      friendship.befriendee = @friend
-        friendship = Friendship.new
+      if current_user.friends_with?(@friend)
-        friendship.befriender = current_user
+        flash[:warning] = t ".already_a_friend", :name => @friend.display_name
-        friendship.befriendee = @new_friend
+      elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
-        if current_user.friends_with?(@new_friend)
+        flash.now[:error] = t ".limit_exceeded"
-          flash[:warning] = t ".already_a_friend", :name => @new_friend.display_name
+      elsif friendship.save
-        elsif current_user.friendships.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_friends_per_hour
+        flash[:notice] = t ".success", :name => @friend.display_name
-          flash.now[:error] = t ".limit_exceeded"
+        UserMailer.friendship_notification(friendship).deliver_later
-        elsif friendship.save
+      else
-          flash[:notice] = t ".success", :name => @new_friend.display_name
+        friendship.add_error(t(".failed", :name => @friend.display_name))
-          UserMailer.friendship_notification(friendship).deliver_later
-        else
-          friendship.add_error(t(".failed", :name => @new_friend.display_name))
-        end
-
-        referer = safe_referer(params[:referer]) if params[:referer]
-
-        redirect_to referer || user_path
       end
-    else
+
-      render_unknown_user params[:display_name]
+      referer = safe_referer(params[:referer]) if params[:referer]
+
+      redirect_to referer || user_path
     end
   end
 
   def remove_friend
-    @friend = User.find_by(:display_name => params[:display_name])
+    if request.post?
-
+      if current_user.friends_with?(@friend)
-    if @friend
+        Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
-      if request.post?
+        flash[:notice] = t ".success", :name => @friend.display_name
-        if current_user.friends_with?(@friend)
+      else
-          Friendship.where(:befriender => current_user, :befriendee => @friend).delete_all
+        flash[:error] = t ".not_a_friend", :name => @friend.display_name
-          flash[:notice] = t ".success", :name => @friend.display_name
-        else
-          flash[:error] = t ".not_a_friend", :name => @friend.display_name
-        end
-
-        referer = safe_referer(params[:referer]) if params[:referer]
-
-        redirect_to referer || user_path
       end
-    else
+
-      render_unknown_user params[:display_name]
+      referer = safe_referer(params[:referer]) if params[:referer]
+
+      redirect_to referer || user_path
     end
   end
+
+  private
+
+  ##
+  # ensure that there is a "friend" instance variable
+  def lookup_friend
+    @friend = User.active.find_by!(:display_name => params[:display_name])
+  rescue ActiveRecord::RecordNotFound
+    render_unknown_user params[:display_name]
+  end
 end

app/views/friendships/make_friend.html.erb

@@ -1,5 +1,5 @@
 <% content_for :heading do %>
-  <h1><%= t ".heading", :user => @new_friend.display_name %></h1>
+  <h1><%= t ".heading", :user => @friend.display_name %></h1>
 <% end %>
 
 <%= bootstrap_form_tag do |f| %>