[#8193] Include rate limiting on forum topics, fix minor tickets UI bug
diff --git a/Allura/allura/controllers/discuss.py b/Allura/allura/controllers/discuss.py
index ba31409..100ce44 100644
--- a/Allura/allura/controllers/discuss.py
+++ b/Allura/allura/controllers/discuss.py
@@ -209,7 +209,7 @@
@utils.AntiSpam.validate('Spambot protection engaged')
def post(self, **kw):
require_access(self.thread, 'post')
- self.rate_limit(M.Post, "Comment", redir='..')
+ self.rate_limit(M.Post, "Comment", redir=request.referrer)
if self.thread.ref:
require_access(self.thread.ref.artifact, 'post')
kw = self.W.edit_post.to_python(kw, None)
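Review bot: `redir=request.referrer` in `post()` makes the rate-limit redirect target a client-supplied header, which may be absent (privacy settings, `Referrer-Policy`) or may name another origin. The same applies to `reply()` in the next hunk and to `save_new_topic()` in ForgeDiscussion's root.py. How `rate_limit` treats a `None` or off-site `redir` is not visible here, so a server-side fallback is worth adding at the call, e.g. `redir=request.referrer or '..'`. If `rate_limit` does not already restrict the target to this site, that check belongs there too. The body of `post()` continues outside the hunk.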
@@ -345,7 +345,7 @@
@require_post(redir='.')
def reply(self, file_info=None, **kw):
require_access(self.thread, 'post')
- self.rate_limit(M.Post, "Comment", redir='..')
+ self.rate_limit(M.Post, "Comment", redir=request.referrer)
kw = self.W.edit_post.to_python(kw, None)
p = self.thread.add_post(parent_id=self.post._id, **kw)
p.add_multiple_attachments(file_info)
diff --git a/Allura/allura/model/artifact.py b/Allura/allura/model/artifact.py
index 30836f1..7933e7f 100644
--- a/Allura/allura/model/artifact.py
+++ b/Allura/allura/model/artifact.py
@@ -646,6 +646,7 @@
if 'user' in kwargs:
def distinct_artifacts_by_user():
# count distinct items, not total (e.g. many edits to a single wiki page doesn't count against you)
+ # query history here, as regular base artifacts have no author information
HC = cls.__mongometa__.history_class
artifacts = HC.query.find({'author.id': kwargs['user']._id}).distinct('artifact_id')
"""
diff --git a/Allura/allura/tests/functional/test_discuss.py b/Allura/allura/tests/functional/test_discuss.py
index 8f3c968..50eecd6 100644
--- a/Allura/allura/tests/functional/test_discuss.py
+++ b/Allura/allura/tests/functional/test_discuss.py
@@ -134,10 +134,11 @@
def test_rate_limit(self):
with h.push_config(config, **{'allura.rate_limits_per_user': '{"3600": 2}'}):
for i in range(0, 2):
- self._make_post('This is a post {}'.format(i))
- with assert_raises(AppError):
- self._make_post('This is a post that should fail.')
- return 'foo'
+ r = self._make_post('This is a post {}'.format(i))
+ assert 'rate limit exceeded' not in r.body
+
+ r = self._make_post('This is a post that should fail.')
+ assert 'rate limit exceeded' in r.body
def test_permissions(self):
thread_url = self._thread_link()
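Review bot: `test_rate_limit` now asserts only on the flash text in `r.body`, so it would still pass if the over-limit post were stored and the message shown anyway. If `_make_post` returns the followed thread page (it is not visible in this hunk), adding `assert 'This is a post that should fail.' not in r.body` after the last assertion would pin the rejection itself. The old `assert_raises(AppError)` check is gone, so nothing in the test records which status code the limited request now returns. A short comment stating the expected redirect-plus-flash behaviour would help the next reader.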
diff --git a/Allura/development.ini b/Allura/development.ini
index e43be7d..0aa0bcd 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -529,6 +529,7 @@
; Number of different wiki pages, tickets, etc that a user can create or edit, per time period, across all projects
; Keys are number of seconds, values are max number allowed until that time period is reached
; NOTE: wiki pages include the default "Home" page created for the user-project and any other projects created by the user
+; NOTE: allura.rate_limits* cover posts to threads across all tools.
;forgewiki.rate_limits_per_user = {"60": 3, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200}
;forgetracker.rate_limits_per_user = {"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200}
;forgeblog.rate_limits_per_user = {"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200}
diff --git a/ForgeDiscussion/forgediscussion/controllers/root.py b/ForgeDiscussion/forgediscussion/controllers/root.py
index 4b35254..176156f 100644
--- a/ForgeDiscussion/forgediscussion/controllers/root.py
+++ b/ForgeDiscussion/forgediscussion/controllers/root.py
@@ -123,6 +123,7 @@
@validate(W.new_topic, error_handler=create_topic)
@AntiSpam.validate('Spambot protection engaged')
def save_new_topic(self, subject=None, text=None, forum=None, **kw):
+ self.rate_limit(model.ForumPost, 'Topic creation', request.referer)
discussion = model.Forum.query.get(
app_config_id=c.app.config._id,
shortname=forum)
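Review bot: The new call in `save_new_topic` spells the attribute `request.referer` and passes it positionally, while the two calls in discuss.py use `redir=request.referrer`. Using one form throughout, `self.rate_limit(model.ForumPost, 'Topic creation', redir=request.referrer)`, would keep the three call sites greppable and make the third argument's meaning obvious. The limit is counted on `model.ForumPost` under the label 'Topic creation'. If replies are stored as the same class, they would presumably count towards the topic limit too, so a one-line comment stating whether that is intended would be useful. The rest of `save_new_topic` lies outside the hunk.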
diff --git a/ForgeTracker/forgetracker/templates/tracker/ticket.html b/ForgeTracker/forgetracker/templates/tracker/ticket.html
index 8665611..2895829 100644
--- a/ForgeTracker/forgetracker/templates/tracker/ticket.html
+++ b/ForgeTracker/forgetracker/templates/tracker/ticket.html
@@ -189,7 +189,7 @@
var discussion_holder = $('#discussion_holder');
var ticket_content = $('#ticket_content');
var title_holder = $('h2.dark');
- var original_title = title_holder.text();
+ var original_title = title_holder.html();
var title_actions = title_holder.find('small');
var vote = $('#vote');
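Review bot: `original_title` is now captured with `title_holder.html()` before `title_actions` is looked up, so the saved markup appears to include the `<small>` element that `title_holder.find('small')` returns. In the cancel handler (last hunk of this file), `title_holder.html(original_title)` would then recreate that `<small>`, and `title_actions.appendTo(title_holder)` would add the original one again, giving two action blocks. Capturing the title without the actions avoids this, e.g. `var original_title = title_holder.clone().find('small').remove().end().html();`. Restoring through `.html()` is only safe while the string comes straight from server-rendered DOM as it does here, and a short comment saying so would guard against later reuse with other input.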
@@ -218,7 +218,8 @@
$(this).trigger('editTicket');
return false;
});
- if ($('div > div.error').hasClass('error')){
+ var flashErrors = $('div > div.error');
+ if (flashErrors.hasClass('error') && flashErrors.html().indexOf('rate limit') < 0){
$('a.edit_ticket').click();
}
$('a.cancel_form').click(function () {
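Review bot: The check `flashErrors.html().indexOf('rate limit') < 0` ties the template to the wording of a server-side message, so rewording or translating that message would silently bring back the auto-opened edit form. `.html()` also reads only the first matched element, while `hasClass` tests the whole set. A marker that does not depend on the text, such as a dedicated class on the rate-limit flash, would be sturdier. Failing that, add a comment such as `// rate-limit flashes are not form errors; keep in sync with the rate_limit message text`. The `cancel_form` handler opened on the last line continues outside the hunk.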
@@ -226,7 +227,7 @@
view_holder.show();
discussion_holder.show();
ticket_content.show();
- title_holder.text(original_title);
+ title_holder.html(original_title);
title_actions.appendTo(title_holder);
title_actions.show();
vote.show();