X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/951564eed1c82ec1a435f4e4636db86d1b7604fc..370fe0855e8eef97bbe58dc559957ac303decc33:/app/controllers/api/changeset_comments_controller.rb diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index 21c854139..2f4a361ba 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -1,29 +1,40 @@ module Api class ChangesetCommentsController < ApiController - before_action :authorize + include QueryMethods + + before_action :check_api_writable, :except => [:index] + before_action :authorize, :except => [:index] authorize_resource before_action :require_public_data, :only => [:create] - before_action :check_api_writable - before_action :check_api_readable, :except => [:create] - around_action :api_call_handle_error - around_action :api_call_timeout + + before_action :set_request_formats + + ## + # show all comments or search for a subset + def index + @comments = ChangesetComment.includes(:author).where(:visible => true).order("created_at DESC") + @comments = query_conditions_time(@comments) + @comments = query_conditions_user(@comments, :author) + @comments = query_limit(@comments) + end ## # Add a comment to a changeset def create # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] + raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_id] raise OSM::APIBadUserInput, "No text was given" if params[:text].blank? + raise OSM::APIRateLimitExceeded if rate_limit_exceeded? # Extract the arguments - id = params[:id].to_i + changeset_id = params[:changeset_id].to_i body = params[:text] # Find the changeset and check it is valid - changeset = Changeset.find(id) - raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open? + changeset = Changeset.find(changeset_id) + raise OSM::APIChangesetNotYetClosedError, changeset if changeset.open? # Add a comment to the changeset comment = changeset.comments.create(:changeset => changeset, @@ -32,7 +43,7 @@ module Api # Notify current subscribers of the new comment changeset.subscribers.visible.each do |user| - Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user + UserMailer.changeset_comment_notification(comment, user).deliver_later if current_user != user end # Add the commenter to the subscribers if necessary @@ -40,47 +51,22 @@ module Api # Return a copy of the updated changeset @changeset = changeset - render "api/changesets/changeset" - end - - ## - # Sets visible flag on comment to false - def destroy - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - - # Extract the arguments - id = params[:id].to_i + render "api/changesets/show" - # Find the changeset - comment = ChangesetComment.find(id) - - # Hide the comment - comment.update(:visible => false) - - # Return a copy of the updated changeset - @changeset = comment.changeset - render "api/changesets/changeset" + respond_to do |format| + format.xml + format.json + end end - ## - # Sets visible flag on comment to true - def restore - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] + private - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Unhide the comment - comment.update(:visible => true) + ## + # Check if the current user has exceed the rate limit for comments + def rate_limit_exceeded? + recent_comments = current_user.changeset_comments.where(:created_at => Time.now.utc - 1.hour..).count - # Return a copy of the updated changeset - @changeset = comment.changeset - render "api/changesets/changeset" + recent_comments >= current_user.max_changeset_comments_per_hour end end end