2e9f4dc2f4
Refactor controllers so that endpoint rate limits are declared locally, with the endpoint, instead of globally, in a single method in ApplicationController. This way an endpoint's rate limit is declared in the same file as the endpoint itself. This is so we can add fine-grained rate limits for certain GET requests. Before rate limits were only for non-GET requests.
46 lines
1.4 KiB
Ruby
46 lines
1.4 KiB
Ruby
class CommentVotesController < ApplicationController
|
|
respond_to :js, :json, :xml, :html
|
|
|
|
rate_limit :create, rate: 1.0/1.second, burst: 200
|
|
rate_limit :destroy, rate: 1.0/1.second, burst: 200
|
|
|
|
def index
|
|
@comment_votes = authorize CommentVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
|
@comment_votes = @comment_votes.includes(:user, comment: [:creator, { post: [:uploader, :media_asset] }]) if request.format.html?
|
|
|
|
comment_id = params[:comment_id] || params[:search][:comment_id]
|
|
@comment = Comment.find(comment_id) if comment_id
|
|
|
|
respond_with(@comment_votes)
|
|
end
|
|
|
|
def show
|
|
@comment_vote = authorize CommentVote.find(params[:id])
|
|
respond_with(@comment_vote)
|
|
end
|
|
|
|
def create
|
|
@comment = Comment.find(params[:comment_id])
|
|
|
|
@comment.with_lock do
|
|
@comment_vote = authorize CommentVote.new(comment: @comment, score: params[:score], user: CurrentUser.user)
|
|
|
|
CommentVote.active.where(comment: @comment, user: CurrentUser.user).each do |vote|
|
|
vote.soft_delete!(updater: CurrentUser.user)
|
|
end
|
|
|
|
@comment_vote.save
|
|
end
|
|
|
|
flash.now[:notice] = @comment_vote.errors.full_messages.join("; ") if @comment_vote.errors.present?
|
|
respond_with(@comment_vote)
|
|
end
|
|
|
|
def destroy
|
|
@comment_vote = authorize CommentVote.find(params[:id])
|
|
@comment_vote.soft_delete(updater: CurrentUser.user)
|
|
|
|
respond_with(@comment_vote)
|
|
end
|
|
end
|