diff --git a/server/djrandom/frontend/templates/user_details.html b/server/djrandom/frontend/templates/user_details.html
index d12373a88a078e867b82b68865973f6415176f70..bd840d29a94caa927973bc2f973082e0d16bf964 100644
--- a/server/djrandom/frontend/templates/user_details.html
+++ b/server/djrandom/frontend/templates/user_details.html
@@ -39,9 +39,11 @@
           </form>
         </p>
 
+        {% if user.invites_left > 0 %}
         <p>
           <a href="/user/invite"><b>Invite someone</b></a>
         </p>
+        {% endif %}
 
       </div>
 
diff --git a/server/djrandom/frontend/user_views.py b/server/djrandom/frontend/user_views.py
index c62695926b91af96d797707175cddaf531e8b5d5..ddb9a2c047607dc4a9c5f1943d1910bdddaf9e2f 100644
--- a/server/djrandom/frontend/user_views.py
+++ b/server/djrandom/frontend/user_views.py
@@ -103,6 +103,10 @@ def user_revoke_api_key(keyid):
 @app.route('/user/invite', methods=['GET', 'POST'])
 @require_auth
 def user_send_invite():
+    user = User.query.get(g.userid)
+    if not user.invites_left:
+        abort(403)
+
     form = InviteForm()
     if form.validate_on_submit():
         user = User.query.get(g.userid)
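Review bot: The quota check at the top of `user_send_invite` is separated from the decrement in the later hunk (`user.invites_left -= 1`), so two concurrent POSTs can both pass the check and both send an invitation. Because the guard is `if not user.invites_left:`, a counter that has gone negative is truthy and passes every later check, while the template tests `> 0`. I would write the guard as `if user.invites_left is None or user.invites_left <= 0: abort(403)`. I would also make the decrement atomic, either by locking the row or by issuing a conditional `UPDATE ... SET invites_left = invites_left - 1 WHERE id = :id AND invites_left > 0` and aborting when no row is updated. The second `User.query.get(g.userid)` inside the `if form.validate_on_submit():` branch is now redundant. The function body continues outside this hunk.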
@@ -113,6 +117,8 @@ def user_send_invite():
         svcs['mailer'].send(email, 'Invitation',
                             new_user.get_activation_email(username))
 
+        user.invites_left -= 1
+        Session.add(user)
         Session.add(new_user)
         Session.commit()
         flash('invitation sent to %s' % email)
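Review bot: The decrement is only persisted by `Session.commit()` after `svcs['mailer'].send(...)` has already run, so a failed commit leaves an invitation mailed with the quota unchanged and no `new_user` row behind it. Consider reserving the invite first (decrement and commit, or at least flush) and sending the mail afterwards, restoring the count if the send raises. A short comment such as `# consume one invite; quota is enforced at the top of the view` above the decrement would also help. The start of the function is outside this hunk, so the error handling around the send is not visible here.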
diff --git a/server/djrandom/model/user.py b/server/djrandom/model/user.py
index 27ba32ea2a647a15addb8c05121d988ae3993dd2..3605a3f6cb2a5e8c00454afbcbe7704ac0d50ded 100644
--- a/server/djrandom/model/user.py
+++ b/server/djrandom/model/user.py
@@ -49,6 +49,7 @@ class User(Base):
     password = Column(String(128))
     created_at = Column(DateTime())
     invited_by = Column(Integer())
+    invites_left = Column(Integer(3))
     active = Column(Boolean())
     activation_token = Column(String(40))
 
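Review bot: `Column(Integer(3))` does not give the column a default of 3. The argument to `Integer` is at most a display width, and I believe newer SQLAlchemy releases reject it outright, so rows that exist before this change will most likely hold NULL in `invites_left`. With NULL, the view's `not user.invites_left` returns 403 for every existing user, and the template's `user.invites_left > 0` compares `None` with an integer. I would declare it as `invites_left = Column(Integer(), default=3, nullable=False)` and backfill existing rows in the schema migration. The literal 3 is repeated in `__init__` (`self.invites_left = 3`), so a module constant, for example `DEFAULT_INVITES = 3`, would keep the two in step.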
@@ -59,6 +60,7 @@ class User(Base):
         self.activation_token = utils.random_token()
         self.created_at = datetime.now()
         self.invited_by = invited_by
+        self.invites_left = 3
 
     def set_password(self, password):
         self.password = crypt.crypt(password, _salt())