Merge pull request #3070 from techAPJ/patch-3
FIX: rate limit user posts export
commit
3d42c2d515
|
@ -1,6 +1,5 @@
|
||||||
import ObjectController from 'discourse/controllers/object';
|
import ObjectController from 'discourse/controllers/object';
|
||||||
import CanCheckEmails from 'discourse/mixins/can-check-emails';
|
import CanCheckEmails from 'discourse/mixins/can-check-emails';
|
||||||
import { outputExportResult } from 'discourse/lib/export-result';
|
|
||||||
|
|
||||||
export default ObjectController.extend(CanCheckEmails, {
|
export default ObjectController.extend(CanCheckEmails, {
|
||||||
indexStream: false,
|
indexStream: false,
|
||||||
|
@ -55,7 +54,7 @@ export default ObjectController.extend(CanCheckEmails, {
|
||||||
},
|
},
|
||||||
|
|
||||||
exportUserArchive: function() {
|
exportUserArchive: function() {
|
||||||
Discourse.ExportCsv.exportUserArchive().then(outputExportResult);
|
Discourse.ExportCsv.exportUserArchive();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
|
@ -15,7 +15,13 @@ Discourse.ExportCsv.reopenClass({
|
||||||
@method export_user_archive
|
@method export_user_archive
|
||||||
**/
|
**/
|
||||||
exportUserArchive: function() {
|
exportUserArchive: function() {
|
||||||
return Discourse.ajax("/export_csv/export_entity.json", {data: {entity_type: 'user', entity: 'user_archive'}});
|
return Discourse.ajax("/export_csv/export_entity.json", {
|
||||||
|
data: {entity_type: 'user', entity: 'user_archive'}
|
||||||
|
}).then(function() {
|
||||||
|
bootbox.alert(I18n.t("admin.export_csv.success"));
|
||||||
|
}).catch(function() {
|
||||||
|
bootbox.alert(I18n.t("admin.export_csv.rate_limit_error"));
|
||||||
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
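Review bot: The `.catch` handler added to `exportUserArchive` reports every failure as `admin.export_csv.rate_limit_error`, so a network error, an expired session or a server fault also tells the user to try again tomorrow. The handler should inspect the rejection and fall back to the existing `admin.export_csv.failed` string for anything that is not the rate-limit response. That requires the server to signal the limit distinctly (an HTTP 429, for instance) rather than through the same denial it uses for missing permissions. Since neither handler returns a value, the promise handed back to callers now resolves to `undefined` in both cases, which is worth a line in the method's doc comment.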
@ -5,9 +5,7 @@ class ExportCsvController < ApplicationController
|
||||||
def export_entity
|
def export_entity
|
||||||
params.require(:entity)
|
params.require(:entity)
|
||||||
params.require(:entity_type)
|
params.require(:entity_type)
|
||||||
if params[:entity_type] == "admin"
|
guardian.ensure_can_export_entity!(params[:entity_type])
|
||||||
guardian.ensure_can_export_admin_entity!(current_user)
|
|
||||||
end
|
|
||||||
|
|
||||||
Jobs.enqueue(:export_csv_file, entity: params[:entity], user_id: current_user.id)
|
Jobs.enqueue(:export_csv_file, entity: params[:entity], user_id: current_user.id)
|
||||||
render json: success_json
|
render json: success_json
|
||||||
|
|
|
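Review bot: The new `guardian.ensure_can_export_entity!(params[:entity_type])` authorizes on `entity_type`, but the job enqueued a few lines later is selected by `params[:entity]` alone, and both values come from the client independently. Nothing visible in this hunk ties the two together, so a request can declare `entity_type` "user" while naming an entity intended for staff. Unless the job re-checks this (it is not shown on this page), the controller should close the gap. I would validate `entity` against a per-type allowlist before `Jobs.enqueue`, or pass `entity_type` to the job and have it refuse a mismatch. The body of `export_entity` continues past the end of the hunk.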
@ -1697,6 +1697,7 @@ en:
|
||||||
export_csv:
|
export_csv:
|
||||||
success: "Export initiated, you will be notified via private message when the process is complete."
|
success: "Export initiated, you will be notified via private message when the process is complete."
|
||||||
failed: "Export failed. Please check the logs."
|
failed: "Export failed. Please check the logs."
|
||||||
|
rate_limit_error: "Posts can be downloaded once per day, please try again tomorrow."
|
||||||
button_text: "Export"
|
button_text: "Export"
|
||||||
button_title:
|
button_title:
|
||||||
user: "Export full user list in CSV format."
|
user: "Export full user list in CSV format."
|
||||||
|
|
|
@ -249,8 +249,10 @@ class Guardian
|
||||||
@can_see_emails
|
@can_see_emails
|
||||||
end
|
end
|
||||||
|
|
||||||
def can_export_admin_entity?(user)
|
def can_export_entity?(entity_type)
|
||||||
user.staff?
|
return true if is_staff?
|
||||||
|
return false if entity_type == "admin"
|
||||||
|
UserExport.where(user_id: @user.id, created_at: (Time.zone.now.beginning_of_day..Time.zone.now.end_of_day)).count == 0
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
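Review bot: `can_export_entity?` enforces the daily limit by counting existing `UserExport` rows, but the controller path in this commit writes no row between the check and `Jobs.enqueue`, so the limit only applies once a record exists (presumably created by the job, which is not shown). Requests sent in quick succession can each see a zero count and each enqueue an export; creating the `UserExport` record in the request itself, before enqueueing, would close that window. The range is the calendar day in `Time.zone`, so two exports a few minutes apart across midnight are both allowed, which does not match the "once per day" message if a rolling 24 hours is intended. A comment above the method would help, e.g. `# Staff: unlimited. Others: no admin entities, one export per calendar day.`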
@ -14,6 +14,13 @@ describe ExportCsvController do
|
||||||
response.should be_success
|
response.should be_success
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "should not enqueue export job if rate limit is reached" do
|
||||||
|
Jobs::ExportCsvFile.any_instance.expects(:execute).never
|
||||||
|
UserExport.create(export_type: "user", user_id: @user.id)
|
||||||
|
xhr :post, :export_entity, entity: "user_archive", entity_type: "user"
|
||||||
|
response.should_not be_success
|
||||||
|
end
|
||||||
|
|
||||||
it "returns 404 when normal user tries to export admin entity" do
|
it "returns 404 when normal user tries to export admin entity" do
|
||||||
xhr :post, :export_entity, entity: "staff_action", entity_type: "admin"
|
xhr :post, :export_entity, entity: "staff_action", entity_type: "admin"
|
||||||
response.should_not be_success
|
response.should_not be_success
|
||||||
|
@ -55,6 +62,13 @@ describe ExportCsvController do
|
||||||
xhr :post, :export_entity, entity: "staff_action", entity_type: "admin"
|
xhr :post, :export_entity, entity: "staff_action", entity_type: "admin"
|
||||||
response.should be_success
|
response.should be_success
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "should not rate limit export for staff" do
|
||||||
|
Jobs.expects(:enqueue).with(:export_csv_file, has_entries(entity: "staff_action", user_id: @admin.id))
|
||||||
|
UserExport.create(export_type: "admin", user_id: @admin.id)
|
||||||
|
xhr :post, :export_entity, entity: "staff_action", entity_type: "admin"
|
||||||
|
response.should be_success
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe ".download" do
|
describe ".download" do
|
||||||
|
|
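Review bot: In the added test "should not enqueue export job if rate limit is reached", the expectation `Jobs::ExportCsvFile.any_instance.expects(:execute).never` only proves something if jobs run inline in this spec. If they are queued instead, `execute` is never called whether or not the controller enqueued. The staff test in the second hunk asserts on `Jobs.expects(:enqueue)`, and the same seam fits here: `Jobs.expects(:enqueue).never`. There is also no case for a non-staff request that sends `entity_type: "user"` together with an admin entity such as `"staff_action"`, a combination the guardian check does not look at.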