From fd6d41ddad6fe02c08d31cf9d91c65ffaaa76cf6 Mon Sep 17 00:00:00 2001
From: Florian Staudacher <florian_staudacher@yahoo.de>
Date: Sun, 22 Jul 2012 02:42:39 +0200
Subject: [PATCH] require authentication for invite actions

---
 app/controllers/invitations_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index be93a12caa..18416f5559 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -6,6 +6,8 @@ require Rails.root.join('lib', 'email_inviter')
 
 class InvitationsController < ApplicationController
 
+  before_filter :authenticate_user!, :only => [:new, :create]
+
   def new
     @invite_code = current_user.invitation_code
     respond_to do |format|
@@ -15,7 +17,7 @@ class InvitationsController < ApplicationController
     end
   end
 
-  # this is  for legacy invites.  We try to look the person who sent them the 
+  # this is  for legacy invites.  We try to look the person who sent them the
   # invite, and use their new invite code
   # owe will be removing this eventually
   # @depreciated
@@ -49,7 +51,7 @@ class InvitationsController < ApplicationController
     inviter = EmailInviter.new(params[:email_inviter][:emails], current_user, params[:email_inviter])
     inviter.send!
 
-    redirect_to :back, :notice => "Great! Invites were sent off to #{inviter.emails.join(', ')}" 
+    redirect_to :back, :notice => "Great! Invites were sent off to #{inviter.emails.join(', ')}"
   end
 
   def check_if_invites_open
-- 
GitLab