abstracted rate limit checks in CommentsController into the check_create_access action callback & added tests for it

Author: Oaphi

app/controllers/comments_controller.rb

@@ -10,6 +10,7 @@ class CommentsController < ApplicationController
 
   before_action :check_post_access, only: [:create_thread, :create]
   before_action :check_privilege, only: [:update, :destroy, :undelete]
+  before_action :check_create_access, only: [:create_thread, :create]
   before_action :check_reply_access, only: [:create]
   before_action :check_restrict_access, only: [:thread_restrict]
   before_action :check_thread_access, only: [:thread, :thread_content, :thread_followers]
@@ -34,13 +35,6 @@ def create_thread
 
     pings = check_for_pings @comment_thread, body
 
-    rate_limited, limit_message = helpers.comment_rate_limited?(current_user, @post)
-    if rate_limited
-      flash[:danger] = limit_message
-      redirect_to helpers.generic_share_link(@post)
-      return
-    end
-
     success = ActiveRecord::Base.transaction do
       @comment_thread.save!
       @comment.save!
@@ -74,13 +68,6 @@ def create
     @comment = Comment.new(post: @post, content: body, user: current_user,
                            comment_thread: @comment_thread, has_reference: false)
 
-    rate_limited, limit_message = helpers.comment_rate_limited?(current_user, @post)
-    if rate_limited
-      flash[:danger] = limit_message
-      redirect_to helpers.generic_share_link(@post)
-      return
-    end
-
     status = @comment.save
 
     if status
@@ -338,6 +325,14 @@ def check_privilege
     end
   end
 
+  def check_create_access
+    rate_limited, limit_message = helpers.comment_rate_limited?(current_user, @post)
+    if rate_limited
+      flash[:danger] = limit_message
+      redirect_to helpers.generic_share_link(@post)
+    end
+  end
+
   def check_reply_access
     if @comment_thread.read_only? && current_user&.standard?
       respond_to do |format|

test/controllers/comments/create_test.rb

@@ -46,6 +46,19 @@ class CommentsControllerTest < ActionController::TestCase
     assert_redirected_to_sign_in
   end
 
+  test 'should not create threads on posts of others without the unrestricted ability when rate-limited' do
+    sign_in users(:basic_user)
+
+    SiteSetting['RL_NewUserComments'] = 0
+
+    post = posts(:question_one)
+
+    try_create_thread(post)
+
+    assert_not_nil flash[:danger]
+    assert_redirected_to @controller.helpers.generic_share_link(post)
+  end
+
   test 'should not create thread if the target post is inaccessible' do
     sign_in users(:editor)
     try_create_thread(posts(:high_trust))
@@ -134,6 +147,19 @@ class CommentsControllerTest < ActionController::TestCase
     assert_redirected_to_sign_in
   end
 
+  test 'should not create comments on threads on posts of others without the unrestricted ability when rate-limited' do
+    sign_in users(:basic_user)
+
+    SiteSetting['RL_NewUserComments'] = 0
+
+    thread = comment_threads(:normal)
+
+    try_create_comment(thread)
+
+    assert_not_nil flash[:danger]
+    assert_redirected_to @controller.helpers.generic_share_link(thread.post)
+  end
+
   test 'should not create comment if the target post is inaccessible' do
     sign_in users(:editor)
     try_create_comment(comment_threads(:high_trust))