Add user update throttling

taigaio · Aug 23, 2017 · 1fb61df · 1fb61df
1 parent a0f83fe
commit 1fb61df
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 2 deletions.
diff --git a/settings/common.py b/settings/common.py
@@ -446,6 +446,7 @@
         "login-fail": None,
         "register-success": None,
         "user-detail": None,
+        "user-update": None,
     },
     "DEFAULT_THROTTLE_WHITELIST": [],
     "FILTER_BACKEND": "taiga.base.filters.FilterBackend",

diff --git a/settings/local.py.example b/settings/local.py.example
@@ -73,6 +73,7 @@ DATABASES = {
 #    "login-fail": None,
 #    "register-success": None,
 #    "user-detail": None,
+#    "user-update": None,
 #}
 
 # This list should containt:

diff --git a/settings/testing.py b/settings/testing.py
@@ -38,6 +38,7 @@
     "login-fail": None,
     "register-success": None,
     "user-detail": None,
+    "user-update": None,
 }
 
 

diff --git a/taiga/users/api.py b/taiga/users/api.py
@@ -49,7 +49,7 @@
 from . import utils as user_utils
 from .signals import user_cancel_account as user_cancel_account_signal
 from .signals import user_change_email as user_change_email_signal
-from .throttling import UserDetailRateThrottle
+from .throttling import UserDetailRateThrottle, UserUpdateRateThrottle
 
 class UsersViewSet(ModelCrudViewSet):
     permission_classes = (permissions.UserPermission,)
@@ -58,7 +58,7 @@ class UsersViewSet(ModelCrudViewSet):
     admin_validator_class = validators.UserAdminValidator
     validator_class = validators.UserValidator
     filter_backends = (MembersFilterBackend,)
-    throttle_classes = (UserDetailRateThrottle,)
+    throttle_classes = (UserDetailRateThrottle, UserUpdateRateThrottle)
     model = models.User
 
     def get_serializer_class(self):

diff --git a/taiga/users/throttling.py b/taiga/users/throttling.py
@@ -22,3 +22,8 @@
 class UserDetailRateThrottle(throttling.GlobalThrottlingMixin, throttling.ThrottleByActionMixin, throttling.SimpleRateThrottle):
     scope = "user-detail"
     throttled_actions = ["by_username", "retrieve"]
+
+
+class UserUpdateRateThrottle(throttling.UserRateThrottle, throttling.ThrottleByActionMixin):
+    scope = "user-update"
+    throttled_actions = ["update", "partial_update"]