module Api
class ChangesetCommentsController < ApiController
+ before_action :check_api_writable
+ before_action :check_api_readable, :except => [:create]
before_action :authorize
authorize_resource
before_action :require_public_data, :only => [:create]
- before_action :check_api_writable
- before_action :check_api_readable, :except => [:create]
before_action :set_request_formats
around_action :api_call_handle_error
around_action :api_call_timeout
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
+ raise OSM::APIRateLimitExceeded if rate_limit_exceeded?
# Extract the arguments
id = params[:id].to_i
format.json
end
end
+
+ private
+
+ ##
+ # Check if the current user has exceed the rate limit for comments
+ def rate_limit_exceeded?
+ recent_comments = current_user.changeset_comments.where("created_at >= ?", Time.now.utc - 1.hour).count
+
+ recent_comments >= current_user.max_changeset_comments_per_hour
+ end
end
end