|
8 | 8 | from pgweb.util.contexts import render_pgweb |
9 | 9 | from pgweb.util.moderation import ModerationState |
10 | 10 |
|
| 11 | +from datetime import datetime, timedelta |
11 | 12 | import io |
12 | 13 | import difflib |
13 | 14 |
|
@@ -64,29 +65,35 @@ def simple_form(instancetype, itemid, request, formclass, formtemplate='base/for |
64 | 65 | if not is_new: |
65 | 66 | old_values = {fn: str(getattr(instance, fn)) for fn in form.changed_data if hasattr(instance, fn)} |
66 | 67 |
|
67 | | - if form.is_valid(): |
68 | | - # We are handling notifications, so disable the ones we'd otherwise send |
69 | | - do_notify = getattr(instance, 'send_notification', False) |
70 | | - instance.send_notification = False |
71 | | - |
72 | | - # If the object has an "approved" field and it's set to false, we don't |
73 | | - # bother notifying about the changes. But if it lacks this field, we notify |
74 | | - # about everything, as well as if the field exists and the item has already |
75 | | - # been approved. |
76 | | - # Newly added objects are always notified if they are two-state, but not if they |
77 | | - # are tri-state (in which case they get notified when submitted for |
78 | | - # moderation). |
79 | | - if is_new: |
80 | | - if hasattr(instance, 'modstate'): |
81 | | - # Tri-state indicated by the existence of the modstate field |
| 68 | + # We are handling notifications, so disable the ones we'd otherwise send |
| 69 | + do_notify = getattr(instance, 'send_notification', False) |
| 70 | + instance.send_notification = False |
| 71 | + |
| 72 | + # If the object has an "approved" field and it's set to false, we don't |
| 73 | + # bother notifying about the changes. But if it lacks this field, we notify |
| 74 | + # about everything, as well as if the field exists and the item has already |
| 75 | + # been approved. |
| 76 | + # Newly added objects are always notified if they are two-state, but not if they |
| 77 | + # are tri-state (in which case they get notified when submitted for |
| 78 | + # moderation). |
| 79 | + if is_new: |
| 80 | + if hasattr(instance, 'modstate'): |
| 81 | + # Tri-state indicated by the existence of the modstate field |
| 82 | + do_notify = False |
| 83 | + else: |
| 84 | + if hasattr(instance, 'approved'): |
| 85 | + if not getattr(instance, 'approved', True): |
82 | 86 | do_notify = False |
83 | | - else: |
84 | | - if hasattr(instance, 'approved'): |
85 | | - if not getattr(instance, 'approved', True): |
86 | | - do_notify = False |
87 | | - elif hasattr(instance, 'modstate'): |
88 | | - if getattr(instance, 'modstate', None) == ModerationState.CREATED: |
89 | | - do_notify = False |
| 87 | + elif hasattr(instance, 'modstate'): |
| 88 | + if getattr(instance, 'modstate', None) == ModerationState.CREATED: |
| 89 | + do_notify = False |
| 90 | + |
| 91 | + # Do some very trivial rate limiting. The idea is "no more than <n> submission events in <t> time", |
| 92 | + # the numbers of <n> and <t> being entirely arbitrary. |
| 93 | + if do_notify and form.is_valid() and UserSubmission.objects.filter(user=request.user, when__gte=datetime.now() - timedelta(minutes=10)).count() > 2: |
| 94 | + form.add_error(None, 'You have made too many submissions in a short time. Please wait a little and try again.') |
| 95 | + |
| 96 | + if form.is_valid(): |
90 | 97 |
|
91 | 98 | notify = io.StringIO() |
92 | 99 |
|
|
0 commit comments