X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/947a41edee95df9e75cce0452277e2a00a8b5fa5..8a6c34fa78cf4fa52332d90448dae50087f2b510:/app/controllers/api/changeset_comments_controller.rb diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index 6093f529e..bb77e1106 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -1,14 +1,13 @@ module Api - class ChangesetCommentsController < ApplicationController - skip_before_action :verify_authenticity_token + class ChangesetCommentsController < ApiController + before_action :check_api_writable + before_action :check_api_readable, :except => [:create] before_action :authorize - before_action :api_deny_access_handler authorize_resource before_action :require_public_data, :only => [:create] - before_action :check_api_writable - before_action :check_api_readable, :except => [:create] + before_action :set_request_formats around_action :api_call_handle_error around_action :api_call_timeout @@ -18,6 +17,7 @@ module Api # Check the arguments are sane raise OSM::APIBadUserInput, "No id was given" unless params[:id] raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? + raise OSM::APIRateLimitExceeded if rate_limit_exceeded? # Extract the arguments id = params[:id].to_i @@ -25,7 +25,7 @@ module Api # Find the changeset and check it is valid changeset = Changeset.find(id) - raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open? + raise OSM::APIChangesetNotYetClosedError, changeset if changeset.open? # Add a comment to the changeset comment = changeset.comments.create(:changeset => changeset, @@ -34,14 +34,20 @@ module Api # Notify current subscribers of the new comment changeset.subscribers.visible.each do |user| - Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user + UserMailer.changeset_comment_notification(comment, user).deliver_later if current_user != user end # Add the commenter to the subscribers if necessary changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id) # Return a copy of the updated changeset - render :xml => changeset.to_xml.to_s + @changeset = changeset + render "api/changesets/changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -60,7 +66,13 @@ module Api comment.update(:visible => false) # Return a copy of the updated changeset - render :xml => comment.changeset.to_xml.to_s + @changeset = comment.changeset + render "api/changesets/changeset" + + respond_to do |format| + format.xml + format.json + end end ## @@ -79,7 +91,23 @@ module Api comment.update(:visible => true) # Return a copy of the updated changeset - render :xml => comment.changeset.to_xml.to_s + @changeset = comment.changeset + render "api/changesets/changeset" + + respond_to do |format| + format.xml + format.json + end + end + + private + + ## + # Check if the current user has exceed the rate limit for comments + def rate_limit_exceeded? + recent_comments = current_user.changeset_comments.where("created_at >= ?", Time.now.utc - 1.hour).count + + recent_comments >= current_user.max_changeset_comments_per_hour end end end