X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/4ec85171fd7b484ea701e5d9d6c009e72dbbd7de..8a6c34fa78cf4fa52332d90448dae50087f2b510:/app/controllers/api/changeset_comments_controller.rb?ds=sidebyside

diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb
index 86ac61277..bb77e1106 100644
--- a/app/controllers/api/changeset_comments_controller.rb
+++ b/app/controllers/api/changeset_comments_controller.rb
@@ -1,12 +1,12 @@
 module Api
   class ChangesetCommentsController < ApiController
+    before_action :check_api_writable
+    before_action :check_api_readable, :except => [:create]
     before_action :authorize
 
     authorize_resource
 
     before_action :require_public_data, :only => [:create]
-    before_action :check_api_writable
-    before_action :check_api_readable, :except => [:create]
     before_action :set_request_formats
     around_action :api_call_handle_error
     around_action :api_call_timeout
@@ -17,6 +17,7 @@ module Api
       # Check the arguments are sane
       raise OSM::APIBadUserInput, "No id was given" unless params[:id]
       raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
+      raise OSM::APIRateLimitExceeded if rate_limit_exceeded?
 
       # Extract the arguments
       id = params[:id].to_i
@@ -98,5 +99,15 @@ module Api
         format.json
       end
     end
+
+    private
+
+    ##
+    # Check if the current user has exceed the rate limit for comments
+    def rate_limit_exceeded?
+      recent_comments = current_user.changeset_comments.where("created_at >= ?", Time.now.utc - 1.hour).count
+
+      recent_comments >= current_user.max_changeset_comments_per_hour
+    end
   end
 end