From 5b7ecd3667912795f5b7d3a0a5d2bdc5f28ab7b0 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Tue, 27 Sep 2011 09:39:48 +0100
Subject: [PATCH] limit number of available per-user invites

---
 server/djrandom/frontend/templates/user_details.html | 2 ++
 server/djrandom/frontend/user_views.py               | 6 ++++++
 server/djrandom/model/user.py                        | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/server/djrandom/frontend/templates/user_details.html b/server/djrandom/frontend/templates/user_details.html
index d12373a..bd840d2 100644
--- a/server/djrandom/frontend/templates/user_details.html
+++ b/server/djrandom/frontend/templates/user_details.html
@@ -39,9 +39,11 @@
           </form>
         </p>
 
+        {% if user.invites_left > 0 %}
         <p>
           <a href="/user/invite"><b>Invite someone</b></a>
         </p>
+        {% endif %}
 
       </div>
 
diff --git a/server/djrandom/frontend/user_views.py b/server/djrandom/frontend/user_views.py
index c626959..ddb9a2c 100644
--- a/server/djrandom/frontend/user_views.py
+++ b/server/djrandom/frontend/user_views.py
@@ -103,6 +103,10 @@ def user_revoke_api_key(keyid):
 @app.route('/user/invite', methods=['GET', 'POST'])
 @require_auth
 def user_send_invite():
+    user = User.query.get(g.userid)
+    if not user.invites_left:
+        abort(403)
+
     form = InviteForm()
     if form.validate_on_submit():
         user = User.query.get(g.userid)
@@ -113,6 +117,8 @@ def user_send_invite():
         svcs['mailer'].send(email, 'Invitation',
                             new_user.get_activation_email(username))
 
+        user.invites_left -= 1
+        Session.add(user)
         Session.add(new_user)
         Session.commit()
         flash('invitation sent to %s' % email)
diff --git a/server/djrandom/model/user.py b/server/djrandom/model/user.py
index 27ba32e..3605a3f 100644
--- a/server/djrandom/model/user.py
+++ b/server/djrandom/model/user.py
@@ -49,6 +49,7 @@ class User(Base):
     password = Column(String(128))
     created_at = Column(DateTime())
     invited_by = Column(Integer())
+    invites_left = Column(Integer(3))
     active = Column(Boolean())
     activation_token = Column(String(40))
 
@@ -59,6 +60,7 @@ class User(Base):
         self.activation_token = utils.random_token()
         self.created_at = datetime.now()
         self.invited_by = invited_by
+        self.invites_left = 3
 
     def set_password(self, password):
         self.password = crypt.crypt(password, _salt())
-- 
GitLab