X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/387668a4c6727d8143211a5d828fd5dfacfa25ce..8a6c34fa78cf4fa52332d90448dae50087f2b510:/app/controllers/api/changeset_comments_controller.rb diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index 86ac61277..bb77e1106 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -1,12 +1,12 @@ module Api class ChangesetCommentsController < ApiController + before_action :check_api_writable + before_action :check_api_readable, :except => [:create] before_action :authorize authorize_resource before_action :require_public_data, :only => [:create] - before_action :check_api_writable - before_action :check_api_readable, :except => [:create] before_action :set_request_formats around_action :api_call_handle_error around_action :api_call_timeout @@ -17,6 +17,7 @@ module Api # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? + raise OSM::APIRateLimitExceeded if rate_limit_exceeded? # Extract the arguments id = params[:id].to_i @@ -98,5 +99,15 @@ module Api format.json end end + + private + + ## + # Check if the current user has exceed the rate limit for comments + def rate_limit_exceeded? + recent_comments = current_user.changeset_comments.where("created_at >= ?", Time.now.utc - 1.hour).count + + recent_comments >= current_user.max_changeset_comments_per_hour + end end end