From 5497fbd7bbccc7592a6d37948c9c32fc8e04f54f Mon Sep 17 00:00:00 2001
From: joshua stein <jcs@jcs.org>
Date: Fri, 3 Oct 2014 17:16:15 -0500
Subject: [PATCH] allow disabling public invitation requests through a setting

---
 app/controllers/invitations_controller.rb | 29 +++++++++++++++--------
 app/views/login/index.html.erb            |  8 +++++--
 config/application.rb                     |  4 ++++
 3 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index 227d545..e750fb1 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -3,7 +3,12 @@ class InvitationsController < ApplicationController
     :except => [ :build, :create_by_request, :confirm_email ]
 
   def build
-    @invitation_request = InvitationRequest.new
+    if Rails.application.allow_invitation_requests?
+      @invitation_request = InvitationRequest.new
+    else
+      flash[:error] = "Public invitation requests are not allowed."
+      return redirect_to "/login"
+    end
   end
 
   def index
@@ -19,7 +24,7 @@ class InvitationsController < ApplicationController
     ir.is_verified = true
     ir.save!
 
-    flash[:success] = "Your invitiation request has been validated and " <<
+    flash[:success] = "Your invitation request has been validated and " <<
       "will now be shown to other logged-in users."
     return redirect_to "/invitations/request"
   end
@@ -48,17 +53,21 @@ class InvitationsController < ApplicationController
   end
 
   def create_by_request
-    @invitation_request = InvitationRequest.new(
-      params.require(:invitation_request).permit(:name, :email, :memo))
+    if Rails.application.allow_invitation_requests?
+      @invitation_request = InvitationRequest.new(
+        params.require(:invitation_request).permit(:name, :email, :memo))
 
-    @invitation_request.ip_address = request.remote_ip
+      @invitation_request.ip_address = request.remote_ip
 
-    if @invitation_request.save
-      flash[:success] = "You have been e-mailed a confirmation to " <<
-        params[:invitation_request][:email].to_s << "."
-      return redirect_to "/invitations/request"
+      if @invitation_request.save
+        flash[:success] = "You have been e-mailed a confirmation to " <<
+          params[:invitation_request][:email].to_s << "."
+        return redirect_to "/invitations/request"
+      else
+        render :action => :build
+      end
     else
-      render :action => :build
+      return redirect_to "/login"
     end
   end
 
diff --git a/app/views/login/index.html.erb b/app/views/login/index.html.erb
index 90e58b3..9c22a5f 100644
--- a/app/views/login/index.html.erb
+++ b/app/views/login/index.html.erb
@@ -26,8 +26,12 @@
     <p>
     Not a user yet?  Signup is by invitation only to combat spam and increase
     accountability.  If you know <a href="/u/">a current user</a> of the site,
-    ask them for an invitation or <a href="/invitations/request">request one
-    publicly</a>.
+    ask them for an
+    <% if Rails.application.allow_invitation_requests? %>
+      invitation or <a href="/invitations/request">request one publicly</a>.
+    <% else %>
+      invitation.
+    <% end %>
     </p>
 
     <% if @referer.present? %>
diff --git a/config/application.rb b/config/application.rb
index 39caec1..e6df0a0 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -42,6 +42,10 @@ end
 # define site name and domain to be used globally, can be overridden in
 # config/initializers/production.rb
 class << Rails.application
+  def allow_invitation_requests?
+    true
+  end
+
   def domain
     "lobste.rs"
   end