413cd34c45
* Tie rate limits to both the user's ID and their IP address. * Make each endpoint have separate rate limits. This means that, for example, your post edit rate limit is separate from your post vote rate limit. Before all write actions had a shared rate limit. * Make all write endpoints have rate limits. Before some endpoints, such as voting, favoriting, commenting, or forum posting, weren't subject to rate limits. * Add stricter rate limits for some endpoints: ** 1 per 5 minutes for creating new accounts. ** 1 per minute for login attempts, changing your email address, or for creating mod reports. ** 1 per minute for sending dmails, creating comments, creating forum posts, or creating forum topics. ** 1 per second for voting, favoriting, or disapproving posts. ** These rate limits all have burst factors high enough that they shouldn't affect normal, non-automated users. * Raise the default write rate limit for Gold users from 2 per second to 4 per second, for all other actions not listed above. * Raise the default burst factor to 200 for all other actions not listed above. Before it was 10 for Members, 30 for Gold, and 60 for Platinum.
63 lines
1.8 KiB
Ruby
63 lines
1.8 KiB
Ruby
class ForumPostsController < ApplicationController
|
|
respond_to :html, :xml, :json, :js
|
|
|
|
def new
|
|
@forum_post = authorize ForumPost.new_reply(params)
|
|
respond_with(@forum_post)
|
|
end
|
|
|
|
def edit
|
|
@forum_post = authorize ForumPost.find(params[:id])
|
|
respond_with(@forum_post)
|
|
end
|
|
|
|
def index
|
|
@forum_posts = authorize ForumPost.visible(CurrentUser.user).paginated_search(params)
|
|
@forum_posts = @forum_posts.includes(:topic, :creator) if request.format.html?
|
|
|
|
respond_with(@forum_posts)
|
|
end
|
|
|
|
def search
|
|
end
|
|
|
|
def show
|
|
@forum_post = authorize ForumPost.find(params[:id])
|
|
|
|
respond_with(@forum_post) do |format|
|
|
format.html do
|
|
page = @forum_post.forum_topic_page
|
|
page = nil if page == 1
|
|
redirect_to forum_topic_path(@forum_post.topic, page: page, anchor: "forum_post_#{@forum_post.id}")
|
|
end
|
|
end
|
|
end
|
|
|
|
def create
|
|
@forum_post = authorize ForumPost.new(creator: CurrentUser.user, topic_id: params.dig(:forum_post, :topic_id))
|
|
@forum_post.update(permitted_attributes(@forum_post))
|
|
|
|
page = @forum_post.topic.last_page if @forum_post.topic.last_page > 1
|
|
respond_with(@forum_post, :location => forum_topic_path(@forum_post.topic, :page => page))
|
|
end
|
|
|
|
def update
|
|
@forum_post = authorize ForumPost.find(params[:id])
|
|
@forum_post.update(permitted_attributes(@forum_post))
|
|
page = @forum_post.forum_topic_page if @forum_post.forum_topic_page > 1
|
|
respond_with(@forum_post, :location => forum_topic_path(@forum_post.topic, :page => page, :anchor => "forum_post_#{@forum_post.id}"))
|
|
end
|
|
|
|
def destroy
|
|
@forum_post = authorize ForumPost.find(params[:id])
|
|
@forum_post.delete!
|
|
respond_with(@forum_post)
|
|
end
|
|
|
|
def undelete
|
|
@forum_post = authorize ForumPost.find(params[:id])
|
|
@forum_post.undelete!
|
|
respond_with(@forum_post)
|
|
end
|
|
end
|