Marc's Profile

I noticed that you don't sanitize user input. I've also noticed that eleasticsearch is not very fond of several characters, like / [ { } : / \ " or '. There are probably others too.

Yeah, I didn't like the use (abuse?) of cookies there either. I would just created a relationship in the DB between users and announcements, (AnnouncementsUser user_id, announcement_id, read:boolean).

Then I'd have a method on the user object (current_user.unseen_announcements) that would return an array of all announcements that the user hasn't already marked as read. Then, the act of hiding the announcement would create a record in the DB that records the fact that that user has hidden the announcement.

Of course this isn't a solution for users without accounts.