FIX: Only apply the rate limit to user exports, not downloads (#30965)

Follow-up to 7fc8d74f3eed52116add452b5321b41e02e04499. This change moves the guardian check for whether an export has been generated too recently to the endpoint handler, since we only want this check to apply when generating an export.
2025-06-04 23:36:11 +08:00 · 2025-01-24 09:37:05 +11:00
parent 7fc8d74f3e
commit 7d2fcb8812
2 changed files with 12 additions and 5 deletions
--- a/app/controllers/export_csv_controller.rb
+++ b/app/controllers/export_csv_controller.rb
@ -17,6 +17,17 @@ class ExportCsvController < ApplicationController

    if entity == "user_archive"
      requesting_user_id = current_user.id if entity_id
+
+      # Rate limit user archive exports to 1 per day
+      unless current_user.admin ||
+               UserExport.where(
+                 user_id: entity_id || current_user.id,
+                 created_at: (Time.zone.now.beginning_of_day..Time.zone.now.end_of_day),
+               ).count == 0
+        render_json_error I18n.t("csv_export.rate_limit_error")
+        return
+      end
+
      Jobs.enqueue(
        :export_user_archive,
        user_id: entity_id || current_user.id,