Verified Commit 906216af authored by Andrej Ramašeuski's avatar Andrej Ramašeuski

Limity na editaci a zakaz likovani navrhu postupu regp

parent cfbfd857
......@@ -2,7 +2,7 @@ image: docker:19.03.12
variables:
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_VER: 1.8.4
IMAGE_VER: 1.9.0
services:
- docker:19.03.12-dind
......
......@@ -7,4 +7,7 @@
jitsi_room => 'cf2021',
jitsi_token_secret => 'UtfkxQEpudmCh2MKLXrRmHAXoQwg5twF',
jitsi_token_lifetime => 300,
limit_post_count => 64,
limit_post_add_rate => 1,
limit_post_edit_rate => 4,
}
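Review bot: The three new `limit_post_*` keys carry no unit or scope, yet the controller in this same commit reads them differently — `limit_post_count` is a total cap per user and program entry, while the two `_rate` values are one-minute windows — so a trailing comment on each would spare the next operator a trip into the code, e.g. `limit_post_count => 64,      # max posts per user per program entry` and `limit_post_add_rate => 1,    # new posts per user per minute`. The `jitsi_token_secret` literal a few lines up is not part of this change, but if this file is tracked in the repository rather than being an example, that is a credential in version control and should be moved to the environment or a secret store and rotated.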
......@@ -46,7 +46,7 @@ sub startup {
plugins => [qw(+SpecRenderer +Cors +Security)],
render_specification => 1,
render_specification_for_paths => 1,
default_response_codes => [400, 401, 403, 404, 500, 501],
default_response_codes => [400, 401, 403, 404, 429, 500, 501],
security => {
Bearer => sub {
......
......@@ -31,6 +31,26 @@ sub create ($c) {
return $c->error(403, 'Debate closed');
}
# limit poctu prispevku jedneho uzivatele k jednemu bodu
my $limit = $c->schema->resultset('Post')->count({
program_entry_id => $program_entry->id,
user_id => $c->user->{id},
});
if ( $limit > $c->cfg->{limit_post_count}) {
return $c->error(429, 'Too many post from user');
}
# limit poctu prispevku za minutu
$limit = $c->schema->resultset('Post')->count({
user_id => $c->user->{id},
datetime => { '>' => \"now()-'1 min'::interval" },
});
if ( $limit >= $c->cfg->{limit_post_add_rate}) {
return $c->error(429, 'Too many posts per minute');
}
my $post = $program_entry->add_to_posts({
user_id => $c->user->{id},
type => $args->{type},
......@@ -159,6 +179,17 @@ sub update ($c) {
my $post = $c->schema->resultset('Post')->find($c->stash->{id});
return $c->error(404, 'Post not found') if ! $post;
# limit poctu prispevku za minutu
my $limit = $c->schema->resultset('PostHistory')->count({
user_id => $c->user->{id},
post_id => $post->id,
datetime => { '>' => \"now()-'1 min'::interval" },
});
if ( $limit >= $c->cfg->{limit_post_edit_rate}) {
return $c->error(429, 'Too many posts changes per minute');
}
if ( ! $c->user_roles->{chairman} ) {
if ( $post->user_id != $c->user->{id} ) {
return $c->error(403, 'Access deined');
......@@ -254,6 +285,11 @@ sub ranking ($c) {
my $post = $c->schema->resultset('Post')->find($c->stash->{id});
return $c->error(404, 'Post not found') if ! $post;
if ( $post->type == 0 and ! $c->user_roles->{member} ) {
$c->render(status => 403, text => '');
return;
}
my $user_ranking = $post->rankings({
user_id => $c->user->{id},
})->first;
......@@ -312,4 +348,8 @@ sub ranking ($c) {
$c->render(status => 204, text => '');
}
1;
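Review bot: In the create hunk the per-entry cap compares with `>` while both per-minute checks use `>=`, so a user already holding `limit_post_count` posts can still add one more; `if ( $limit >= $c->cfg->{limit_post_count}) {` makes the three checks consistent, and the message should read `'Too many posts from user'`. All three limits are count-then-insert with no lock or database constraint, so concurrent requests from the same user can each pass the check before any row is committed; that is fine for abuse throttling but deserves a comment such as `# advisory limit: racy under concurrent requests, not a hard guarantee` so nobody relies on it as one. The `'1 min'::interval` fragment is a fixed scalar-ref literal, not user input, so there is no injection path, though it does pin the code to PostgreSQL. In the update hunk the edit counter runs before the chairman/ownership check, which is defensible as a cheap first gate, but it means a non-owner who trips the limit now sees 429 instead of 403. The bodies of create and update continue outside their hunks.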