Merge pull request #1578 from codidact/art/new-user-comments

Oaphi · web-flow · commit 808ea07c35a4 · 2025-03-31T05:52:32.000+03:00
New user comments
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -32,7 +32,12 @@ def create_thread
 
     pings = check_for_pings @comment_thread, body
 
-    return if comment_rate_limited
+    rate_limited, limit_message = helpers.comment_rate_limited?(current_user, @post)
+    if rate_limited
+      flash[:danger] = limit_message
+      redirect_to helpers.generic_share_link(@post)
+      return
+    end
 
     success = ActiveRecord::Base.transaction do
       @comment_thread.save!
@@ -76,7 +81,12 @@ def create
     @comment = Comment.new(post: @post, content: body, user: current_user,
                            comment_thread: @comment_thread, has_reference: false)
 
-    return if comment_rate_limited
+    rate_limited, limit_message = helpers.comment_rate_limited?(current_user, @post)
+    if rate_limited
+      flash[:danger] = limit_message
+      redirect_to helpers.generic_share_link(@post)
+      return
+    end
 
     if @comment.save
       apply_pings pings
@@ -324,29 +334,4 @@ def apply_pings(pings)
                                helpers.comment_link(@comment))
     end
   end
-
-  def comment_rate_limited
-    recent_comments = Comment.where(created_at: 24.hours.ago..DateTime.now, user: current_user).where \
-                             .not(post: Post.includes(:parent).where(parents_posts: { user_id: current_user.id })) \
-                             .where.not(post: Post.where(user_id: current_user.id)).count
-    max_comments_per_day = SiteSetting[current_user.privilege?('unrestricted') ? 'RL_Comments' : 'RL_NewUserComments']
-
-    if (!@post.user_id == current_user.id || @post&.parent&.user_id == current_user.id) \
-       && recent_comments >= max_comments_per_day
-      comment_limit_msg = "You have used your daily comment limit of #{recent_comments} comments. " \
-                          'Come back tomorrow to continue commenting. Comments on own posts and on answers ' \
-                          'to own posts are exempt.'
-
-      if recent_comments.zero? && !current_user.privilege?('unrestricted')
-        comment_limit_msg = 'New users can only comment on their own posts and on answers to them.'
-      end
-
-      AuditLog.rate_limit_log(event_type: 'comment', related: @comment, user: current_user,
-                              comment: "limit: #{max_comments_per_day}\n\comment:\n#{@comment.attributes_print}")
-
-      render json: { status: 'failed', message: comment_limit_msg }, status: :forbidden
-      return true
-    end
-    false
-  end
 end
diff --git a/app/helpers/comments_helper.rb b/app/helpers/comments_helper.rb
@@ -76,6 +76,44 @@ def get_pingable(thread)
 
     ActiveRecord::Base.connection.execute(query).to_a.flatten
   end
+
+  ##
+  # Is the specified user comment rate limited for the specified post?
+  # @param [User] user The user to check.
+  # @param [Post] post The post on which the user proposes to comment.
+  # @param [Boolean] create_audit_log Whether to create an AuditLog if the user is rate limited.
+  # @return [Array(Boolean, String)] 2-tuple: boolean indicating if the user is rate-limited, and a string containing
+  #   a rate limit message if the user is rate-limited.
+  def comment_rate_limited?(user, post, create_audit_log: true)
+    # Comments created by the current user in the last 24 hours, excluding comments on own posts and responses to them.
+    recent_comments = Comment.where(created_at: 24.hours.ago..DateTime.now, user: user).where \
+                             .not(post: Post.includes(:parent).where(parents_posts: { user_id: user.id })) \
+                             .where.not(post: Post.where(user_id: user.id)).count
+    max_comments_per_day = SiteSetting[user.privilege?('unrestricted') ? 'RL_Comments' : 'RL_NewUserComments']
+
+    if post.user_id != user.id && post.parent&.user_id != user.id
+      if !user.privilege?('unrestricted')
+        message = 'As a new user, you can only comment on your own posts and on answers to them.'
+        if create_audit_log
+          AuditLog.rate_limit_log(event_type: 'comment', related: post, user: user,
+                                  comment: "limit: #{max_comments_per_day}")
+        end
+        [true, message]
+      elsif recent_comments >= max_comments_per_day
+        message = "You have used your daily comment limit of #{recent_comments} comments. Come back tomorrow to " \
+                  'continue commenting. Comments on your own posts and on answers to own posts are exempt.'
+        if create_audit_log
+          AuditLog.rate_limit_log(event_type: 'comment', related: post, user: user,
+                                  comment: "limit: #{max_comments_per_day}")
+        end
+        [true, message]
+      else
+        [false, nil]
+      end
+    else
+      [false, nil]
+    end
+  end
 end
 
 class CommentScrubber < Rails::Html::PermitScrubber
diff --git a/test/fixtures/posts.yml b/test/fixtures/posts.yml
@@ -40,6 +40,27 @@ question_two:
   upvote_count: 0
   downvote_count: 0
 
+new_user_question:
+  post_type: question
+  title: Q1 - This is test question number one
+  body: This is the body of test question one. Note that we did not include any markdown or HTML in here.
+  body_markdown: This is the body of test question one. Note that we did not include any markdown or HTML in here.
+  tags_cache:
+    - discussion
+    - support
+    - bug
+  tags:
+    - discussion
+    - support
+    - bug
+  score: 0.5
+  user: basic_user
+  community: sample
+  category: main
+  license: cc_by_sa
+  upvote_count: 0
+  downvote_count: 0
+
 bad_answers:
   post_type: question
   title: Q3B - This question has bad answers
diff --git a/test/fixtures/user_abilities.yml b/test/fixtures/user_abilities.yml
@@ -52,4 +52,8 @@ d_ep:
 
 d_et:
   community_user: sample_deleter
-  ability: edit_tags
+  ability: edit_tags
+
+b_eo:
+  community_user: sample_basic_user
+  ability: everyone
diff --git a/test/helpers/comments_helper_test.rb b/test/helpers/comments_helper_test.rb
@@ -48,4 +48,16 @@ class CommentsHelperTest < ActionView::TestCase
       assert_equal expect, render_comment_helpers(+input, users(:standard_user))
     end
   end
+
+  test 'comment_rate_limited prevents new users commenting on others posts' do
+    rate_limited, limit_message = comment_rate_limited? users(:basic_user), posts(:question_one)
+    assert_equal true, rate_limited
+    assert_equal 'As a new user, you can only comment on your own posts and on answers to them.', limit_message
+  end
+
+  test 'comment_rate_limited allows new user to comment on own post' do
+    rate_limited, limit_message = comment_rate_limited? users(:basic_user), posts(:new_user_question)
+    assert_equal false, rate_limited
+    assert_equal nil, limit_message
+  end
 end
