From a6d50d1ff703eb979276b2f7b5ec3c509e174397 Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Thu, 28 Jun 2018 17:03:37 +0530
Subject: [PATCH] FEATURE: new settings to control posts deletions rate limit
---
 app/controllers/posts_controller.rb | 4 ++--
 config/locales/server.en.yml | 5 ++++-
 config/site_settings.yml | 6 ++++++
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 5b962e7fa67..a3804e0115f 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -267,8 +267,8 @@ class PostsController < ApplicationController
 def destroy
 post = find_post_from_params
 unless current_user.staff?
- RateLimiter.new(current_user, "delete_post", 3, 1.minute).performed!
- RateLimiter.new(current_user, "delete_post", 50, 1.day).performed!
+ RateLimiter.new(current_user, "delete_post", SiteSetting.max_post_deletions_per_minute, 1.minute).performed!
+ RateLimiter.new(current_user, "delete_post", SiteSetting.max_post_deletions_per_day, 1.day).performed!
 end
 guardian.ensure_can_delete!(post)
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index ed533d02867..3b6a93ea90f 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -1312,6 +1312,9 @@ en:
 max_logins_per_ip_per_hour: "Maximum number of logins allowed per IP address per hour"
 max_logins_per_ip_per_minute: "Maximum number of logins allowed per IP address per minute"
+ max_post_deletions_per_minute: "Maximum number of posts a user can delete per minute."
+ max_post_deletions_per_day: "Maximum number of posts a user can delete per day."
+
 alert_admins_if_errors_per_minute: "Number of errors per minute in order to trigger an admin alert. A value of 0 disables this feature. NOTE: requires restart."
 alert_admins_if_errors_per_hour: "Number of errors per hour in order to trigger an admin alert. A value of 0 disables this feature. NOTE: requires restart."
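Review bot: In `PostsController#destroy`, both limiters are still built with the same type string `"delete_post"`, which matters more now that the two ceilings are configured independently. `RateLimiter` is not shown in this patch, but if it derives its storage key from the user and the type alone, the per-minute and per-day windows would share one counter and the daily setting would not behave as configured. I would give each window its own type, e.g. `RateLimiter.new(current_user, "delete_post_per_min", SiteSetting.max_post_deletions_per_minute, 1.minute).performed!` and `"delete_post_per_day"` for the daily one. The diffstat touches no spec file, so a test that exceeds each limit separately would also be worth adding. The body of `destroy` continues beyond this hunk.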
@@ -2211,7 +2214,7 @@ en:
 subject_template: "Thanks for spending time with us"
 text_body_template: |
 Hey there. We see you’ve been busy reading, which is fantastic, so we’ve promoted you up a [trust level!](https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/)
-
+
 We’re really glad you’re spending time with us and we’d love to know more about you. Take a moment to [fill out your profile](/my/preferences/profile), or feel free to [start a new topic](/categories).
 welcome_invite:
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 777586427ba..d5d76d7b577 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1187,6 +1187,12 @@ rate_limits:
 max_logins_per_ip_per_minute:
 min: 1
 default: 6
+ max_post_deletions_per_minute:
+ min: 1
+ default: 3
+ max_post_deletions_per_day:
+ min: 1
+ default: 50
 developer:
 force_hostname:
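Review bot: The two new entries under `rate_limits` declare `min: 1` but no upper bound, and nothing relates the two values to each other. An admin can therefore save a per-minute limit above the per-day limit, or a value so large that the throttle on non-staff deletions is effectively switched off. Consider adding a `max:` to each entry, or at least stating in the setting descriptions that the per-day value should not be lower than the per-minute one. The neighbouring `max_logins_per_ip_per_minute` entry uses the same min/default-only shape, so this may be a deliberate convention.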