diff options
| author | Robin Houston <robin.houston@gmail.com> | 2012-01-29 20:23:34 +0000 |
|---|---|---|
| committer | Robin Houston <robin.houston@gmail.com> | 2012-01-29 20:23:34 +0000 |
| commit | 500b4d37702cdbad113ccb94c875e90dd770231a (patch) | |
| tree | 46b2fd44234965ff32725c499571b4c9d2814ec4 /app/models/user.rb | |
| parent | bbaa789b6c417300fbdace70ca93d7099c68b718 (diff) | |
Rate limiting
Add the capability to specify a limit to the number of requests a
user can make per day, which can be turned off for specific users
in the admin interface.
Diffstat (limited to 'app/models/user.rb')
| -rw-r--r-- | app/models/user.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index b6839aa31..2193805ea 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -19,6 +19,7 @@ # locale :string(255) # email_bounced_at :datetime # email_bounce_message :text default(""), not null +# no_limit :boolean default(FALSE), not null # # models/user.rb: @@ -256,7 +257,7 @@ class User < ActiveRecord::Base end def User.owns_every_request?(user) - !user.nil? && user.owns_every_request? + !user.nil? && user.owns_every_request? end # Can the user see every request, even hidden ones? @@ -274,7 +275,18 @@ class User < ActiveRecord::Base end # Various ways the user can be banned, and text to describe it if failed def can_file_requests? - self.ban_text.empty? + self.ban_text.empty? && !self.exceeded_limit? + end + def exceeded_limit? + # Some users have no limit + return false if self.no_limit + + # Has the user issued as many as MAX_REQUESTS_PER_USER_PER_DAY requests in the past 24 hours? + daily_limit = MySociety::Config.get("MAX_REQUESTS_PER_USER_PER_DAY") + return false if daily_limit.nil? + recent_requests = InfoRequest.count(:conditions => ["user_id = ? and created_at > now() - '1 day'::interval", self.id]) + + return (recent_requests >= daily_limit) end def can_make_followup? self.ban_text.empty? @@ -286,7 +298,11 @@ class User < ActiveRecord::Base self.ban_text.empty? end def can_fail_html - text = self.ban_text.strip + if ban_text + text = self.ban_text.strip + else + raise "Unknown reason for ban" + end text = CGI.escapeHTML(text) text = MySociety::Format.make_clickable(text, :contract => 1) text = text.gsub(/\n/, '<br>') |