Enforce rate limit for API calls which make changes

[rails.git] / app / controllers / api / changesets_controller.rb

diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb
index 84f1ccdb526b41be0d338f533f3c05b6e09f2212..9bdf0f2bd3b075a5a5eb09e5755bfa76ee224bde 100644 (file)
--- a/app/controllers/api/changesets_controller.rb
+++ b/app/controllers/api/changesets_controller.rb
@@ -92,6 +92,10 @@ module Api
       diff_reader = DiffReader.new(request.raw_post, changeset)
       Changeset.transaction do
         result = diff_reader.commit
+        # the number of changes in this changeset has already been
+        # updated and is visible in this transaction so we don't need
+        # to allow for any more when checking the limit
+        check_rate_limit(0)
         render :xml => result.to_s
       end
     end
@@ -307,7 +311,7 @@ module Api
               # user input checking, we don't have any UIDs < 1
               raise OSM::APIBadUserInput, "invalid user ID" if user.to_i < 1
 
-              u = User.find(user.to_i)
+              u = User.find_by(:id => user.to_i)
             else
               u = User.find_by(:display_name => name)
             end
@@ -325,7 +329,7 @@ module Api
           raise OSM::APINotFoundError if current_user.nil? || current_user != u
         end
 
-        changesets.where(:user_id => u.id)
+        changesets.where(:user => u)
       end
     end