From 94439ebdddbc4471e82d546891e5c4da2a81afeb Mon Sep 17 00:00:00 2001
From: Kane York
Date: Tue, 18 Aug 2015 12:49:54 -0700
Subject: [PATCH] FIX: Tighter rate-limit for post self-deletions
---
 app/controllers/posts_controller.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 4161c360980..1e428c6e8c1 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -184,6 +184,7 @@ class PostsController < ApplicationController
 def destroy
 post = find_post_from_params
+ RateLimiter.new(current_user, "delete_post", 3, 1.minute).performed! unless current_user.staff?
 if too_late_to(:delete_post, post)
 render json: {errors: [I18n.t('too_late_to_edit')]}, status: 422
@@ -206,6 +207,7 @@ class PostsController < ApplicationController
 def recover
 post = find_post_from_params
+ RateLimiter.new(current_user, "delete_post", 3, 1.minute).performed! unless current_user.staff?
 guardian.ensure_can_recover_post!(post)
 destroyer = PostDestroyer.new(current_user, post)
 destroyer.recover
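Review bot: In `destroy` the limiter's `performed!` runs before the `too_late_to(:delete_post, post)` check, so a request that ends in the 422 still spends one of the three attempts per minute; the same ordering appears in `recover`, where it precedes `guardian.ensure_can_recover_post!(post)`. Counting rejected attempts is a reasonable throttle, but nothing records that it is deliberate; a comment such as `# Counted before the checks below on purpose: rejected attempts also use up the budget.` would do that. The literals `3` and `1.minute` are repeated in both actions and could drift apart, so a named constant or a small private helper holding the call would keep the limit in one place. `destroy` continues past the end of the hunk.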
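Review bot: `recover` draws from the same `"delete_post"` bucket as `destroy`, so for a non-staff user three deletions within a minute also block any recovery (and the reverse), while the commit subject only mentions self-deletions. If the shared budget is meant to throttle delete/recover cycling as one activity, say so next to the call, e.g. `# Shares the "delete_post" budget with destroy so delete/recover cycles are throttled together.`. If it is not intended, a separate key is needed, since a user who deleted a post by mistake may be unable to undo it until the window passes. `recover` continues past the end of the hunk.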