FIX: Only apply the rate limit to user exports, not downloads (#30965)

Follow-up to 7fc8d74f3eed52116add452b5321b41e02e04499.

This change moves the guardian check for whether an export has been generated too recently to the endpoint handler, since we only want this check to apply when generating an export.

app/controllers/export_csv_controller.rb

@@ -17,6 +17,17 @@ class ExportCsvController < ApplicationController
 
     if entity == "user_archive"
       requesting_user_id = current_user.id if entity_id
+
+      # Rate limit user archive exports to 1 per day
+      unless current_user.admin ||
+               UserExport.where(
+                 user_id: entity_id || current_user.id,
+                 created_at: (Time.zone.now.beginning_of_day..Time.zone.now.end_of_day),
+               ).count == 0
+        render_json_error I18n.t("csv_export.rate_limit_error")
+        return
+      end
+
       Jobs.enqueue(
         :export_user_archive,
         user_id: entity_id || current_user.id,

lib/guardian.rb

@@ -544,11 +544,7 @@ class Guardian
 
     # Regular users can only export their archives
     return false unless entity == "user_archive"
-    return false unless entity_id == @user.id || entity_id.nil?
+    entity_id == @user.id || entity_id.nil?
-    UserExport.where(
-      user_id: @user.id,
-      created_at: (Time.zone.now.beginning_of_day..Time.zone.now.end_of_day),
-    ).count == 0
   end
 
   def can_see_emails?