Skip to content
Permalink
Browse files

Move the max daily attachment setting into environment

  • Loading branch information
harigopal committed Oct 1, 2019
1 parent 9d2d95a commit 08eac23578186496e8abd59f6f6d00c7e8199663
Showing with 37 additions and 1 deletion.
  1. +1 −1 app/forms/markdown_attachments/create_form.rb
  2. +2 −0 config/secrets.yml
  3. +3 −0 example.env
  4. +31 −0 spec/system/markdown_editor_spec.rb
@@ -7,7 +7,7 @@ class CreateForm < Reform::Form
validate :prevent_abuse

def prevent_abuse
return if current_user.markdown_attachments.where('created_at >= ?', Time.zone.now.beginning_of_day).count < 50
return if current_user.markdown_attachments.where('created_at >= ?', Time.zone.now.beginning_of_day).count < Rails.application.secrets.max_daily_markdown_attachments

errors[:base] << 'You have exceeded the number of attachments allowed per day.'
end
@@ -52,6 +52,7 @@ common: &common
typeform:
screening_url: <%= ENV['TYPEFORM_SCREENING_URL'] %>
sso_domain: <%= ENV['SSO_DOMAIN'] %>
max_daily_markdown_attachments: <%= ENV['MAX_DAILY_MARKDOWN_ATTACHMENTS']&.to_i || 50 %>

development:
secret_key_base: "2ab04e6d7919f4f9fd1e25d41455aa26ad21c2a8d053bc00ac02db4d424d97e0716105c620907e6d829329fe275d52673117d432d6d00c9052bec26a82b2de3f"
@@ -90,6 +91,7 @@ test:
host_user_id: 'host_user_id'
typeform:
screening_url: 'http://example.com/typeform'
max_daily_markdown_attachments: 10

# Do not keep production secrets in the repository,
# instead read values from the environment.
@@ -58,3 +58,6 @@ ROLLBAR_CLIENT_TOKEN=post_client_item_from_rollbar
ROLLBAR_SERVER_TOKEN=post_server_item_from_rollbar
ROLLBAR_CAPTURE_UNCAUGHT=false
ROLLBAR_CAPTURE_UNHANDLED_REJECTIONS=false

# Maximum number of markdown attachments allowed per day, per user.
MAX_DAILY_MARKDOWN_ATTACHMENTS=50
@@ -59,4 +59,35 @@
%r{\[pdf-sample\.pdf\]\(/markdown_attachments/#{pdf_attachment.id}/[a-zA-Z0-9\-_]{22}\)}
)
end

context 'when the user has already attached a lot of files today' do
around do |example|
original_value = Rails.application.secrets.max_daily_markdown_attachments
Rails.application.secrets.max_daily_markdown_attachments = 1

example.run

Rails.application.secrets.max_daily_markdown_attachments = original_value
end

scenario 'user exceeds daily attachment limit' do
sign_in_user(student.user, referer: new_question_community_path(community))
fill_in 'Question', with: 'This is a title.'

attach_file("You can attach files by clicking here and selecting one.", sample_file_path('logo_lipsum_on_light_bg.png'), visible: false)

expect(page).to have_text('logo_lipsum_on_light_bg.png')

click_button('Post Your Question')
expect(page).to have_text('0 Answers')

# Let's try filling in an answer with an attachment.
attach_file("You can attach files by clicking here and selecting one.", sample_file_path('pdf-sample.pdf'), visible: false)

expect(page).to have_text('You have exceeded the number of attachments allowed per day.')
expect(page).not_to have_text('logo_lipsum_on_light_bg.png')

expect(MarkdownAttachment.count).to eq(1)
end
end
end

0 comments on commit 08eac23

Please sign in to comment.
You can’t perform that action at this time.