#7886 Config options to limit ticket & wiki page creation


It would be useful to have .ini settings to limit abuse of creating too many tickets or wiki pages. This should be enforced in controllers (including API controller), not in the models (since that could cause trouble for project imports or other server-side scripts or tasks).

Configuration and functionality could be similar to project.rate_limits. E.g.

forgewiki.rate_limits = {"3600": 100, "172800": 10000}

forgetracker.rate_limits = {"3600": 100, "172800": 10000}

Make sure to include a comment like the project.rate_limits comment in the .ini sections for these new settings, since it can be a little confusing to know what the numbers are for.

Helper function(s) should be created to check to see if a limit is reached for the given artifact type. Consider factoring out a general purpose rate_limit utility method from plugin.py's rate_limit too.

Use ProjectRegistrationProvider.get().registration_date() for the start date you're comparing to for these cases. To count the number of artifacts, a simple query with app_config_id = c.app.config._id should be fine (don't need to consider any other tools in the same project)

If an error occurs, show a flash message or API error (HTTP 429) as appropriate, instead of creating the artifact instance. Log a warning.


  • Igor Bondarenko - 2015-06-03
    • labels: sf-current --> sf-current, 42cc
    • status: open --> in-progress
    • assigned_to: Igor Bondarenko
  • Igor Bondarenko - 2015-06-10
    • status: in-progress --> review
  • Igor Bondarenko - 2015-06-10

    Closed #789. ib/7886

  • Dave Brondsema

    Dave Brondsema - 2015-06-12
    • labels: sf-current, 42cc --> sf-current, 42cc, sf-2
    • status: review --> closed
    • Reviewer: Dave Brondsema
  • Dave Brondsema

    Dave Brondsema - 2015-06-15
    • labels: sf-current, 42cc, sf-2 --> 42cc, sf-2
  • Igor Bondarenko - 2015-06-18
    • Milestone: unreleased --> asf_release_1.3.0

Log in to post a comment.