Merge pull request #3666 from riking/rate-limit-deletions

FIX: Tighter rate-limit for post self-deletions
2025-06-04 11:11:13 +08:00 · 2015-08-19 08:06:55 +10:00
parent 6001371d17 94439ebddd
commit 1dd555e6d6
1 changed files with 2 additions and 0 deletions
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@ -184,6 +184,7 @@ class PostsController < ApplicationController

  def destroy
    post = find_post_from_params
+    RateLimiter.new(current_user, "delete_post", 3, 1.minute).performed! unless current_user.staff?

    if too_late_to(:delete_post, post)
      render json: {errors: [I18n.t('too_late_to_edit')]}, status: 422
@ -206,6 +207,7 @@ class PostsController < ApplicationController

  def recover
    post = find_post_from_params
+    RateLimiter.new(current_user, "delete_post", 3, 1.minute).performed! unless current_user.staff?
    guardian.ensure_can_recover_post!(post)
    destroyer = PostDestroyer.new(current_user, post)
    destroyer.recover