module Api
- class ChangesetCommentsController < ApplicationController
- skip_before_action :verify_authenticity_token
+ class ChangesetCommentsController < ApiController
+ before_action :check_api_writable
+ before_action :check_api_readable, :except => [:create]
before_action :authorize
- before_action :api_deny_access_handler
authorize_resource
before_action :require_public_data, :only => [:create]
- before_action :check_api_writable
- before_action :check_api_readable, :except => [:create]
+ before_action :set_request_formats
around_action :api_call_handle_error
around_action :api_call_timeout
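Review bot: With `skip_before_action :verify_authenticity_token` and `before_action :api_deny_access_handler` removed, this controller's CSRF and access-denied behaviour now depends entirely on `ApiController`, which is not shown in this hunk. That should be confirmed against the base class. The new order also places `check_api_writable` and `check_api_readable` ahead of `authorize`, so presumably API-offline responses are now produced before any credentials are checked. If both are intended, a short comment above the callbacks would record it, e.g. `# CSRF handling and the access-denied handler are inherited from ApiController`. The class body continues outside the hunk.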
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
+ raise OSM::APIRateLimitExceeded if rate_limit_exceeded?
# Extract the arguments
id = params[:id].to_i
# Find the changeset and check it is valid
changeset = Changeset.find(id)
- raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open?
+ raise OSM::APIChangesetNotYetClosedError, changeset if changeset.open?
# Add a comment to the changeset
comment = changeset.comments.create(:changeset => changeset,
# Notify current subscribers of the new comment
changeset.subscribers.visible.each do |user|
- Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user
+ UserMailer.changeset_comment_notification(comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
# Return a copy of the updated changeset
@changeset = changeset
- render "api/changesets/changeset"
+ render "api/changesets/show"
+
+ respond_to do |format|
+ format.xml
+ format.json
+ end
end
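Review bot: The added `raise OSM::APIRateLimitExceeded if rate_limit_exceeded?` and the later `changeset.comments.create(...)` are separate steps, so parallel requests from one account can each read a count below the limit and all be stored. If the limit is meant as a hard cap, the count and the insert need to be serialised per user, for example by wrapping both in `current_user.with_lock do ... end`. Otherwise a comment such as `# Best-effort limit: concurrent requests may briefly overshoot` would make the trade-off explicit. Parts of `create` lie outside the visible lines, so whether a transaction or lock already surrounds these calls cannot be told from here.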
##
# Return a copy of the updated changeset
@changeset = comment.changeset
- render "api/changesets/changeset"
+ render "api/changesets/show"
+
+ respond_to do |format|
+ format.xml
+ format.json
+ end
end
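Review bot: The explicit `render "api/changesets/show"` followed by a `respond_to` block whose `format.xml` and `format.json` entries have no bodies is hard to read, because the hunk does not make clear which call produces the response. Presumably the block is only there to reject formats other than XML and JSON, in which case it runs after the action's work is already done. The same pattern appears at the end of `create` and in the action that follows this one. Either move the format restriction ahead of the state change or document it in place, e.g. `# respond_to only restricts the accepted formats; the template is rendered above`. The start of this action is outside the visible lines.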
##
# Return a copy of the updated changeset
@changeset = comment.changeset
- render "api/changesets/changeset"
+ render "api/changesets/show"
+
+ respond_to do |format|
+ format.xml
+ format.json
+ end
+ end
+
+ private
+
+ ##
+ # Check if the current user has exceed the rate limit for comments
+ def rate_limit_exceeded?
+ recent_comments = current_user.changeset_comments.where(:created_at => Time.now.utc - 1.hour..).count
+
+ recent_comments >= current_user.max_changeset_comments_per_hour
end
end
end
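Review bot: The comment on `rate_limit_exceeded?` reads "has exceed the rate limit", but the `>=` comparison returns true as soon as the count of comments from the last hour reaches `max_changeset_comments_per_hour`, i.e. when the next comment would exceed it. A more precise wording would be `# Check whether the current user has already used up their changeset comment allowance for the past hour`. It would also help to say where `max_changeset_comments_per_hour` is defined and how it is derived, since that method is not visible in this diff.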