I’m working on allowing users to “like” posts via my Telegram bot plugin (and eventually be able to post responses through Telegram).
I have it working, but I want to make sure I’m implementing it in the right way to make sure it won’t allow users to bypass things like rate limiters.
I’ve taken `post_actions_controller.rb` as a reference point. From reading through the `create` method, it looks like all I need to do is extract this logic:
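```ruby
# Look up the numeric id of the "like" action type
post_action_type_id = PostActionType.types[:like]
# Actions the current user has already taken on this post
taken = PostAction.counts_for([@post], current_user)[@post.id]
# Raises unless the user is permitted to perform this action on the post
guardian.ensure_post_can_act!(
  @post,
  PostActionType.types[post_action_type_id],
  is_warning: params[:is_warning],
  taken_actions: taken
)
post_action = PostAction.act(current_user, @post, post_action_type_id, args)
```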
And then for un-liking stuff I have this:
```ruby
post_action_type_id = PostActionType.types[:like]
# Find the user's existing, non-deleted like on this post
post_action = current_user.post_actions.find_by(post_id: params[:id].to_i, post_action_type_id: post_action_type_id, deleted_at: nil)
# Raises unless the user is allowed to remove this action
guardian.ensure_can_delete!(post_action)
PostAction.remove_act(current_user, @post, post_action.post_action_type_id)
```
Is that what I should be doing, or are there some simpler methods I can call which take care of all of the `Guardian` stuff?
On a related note, is there any way for my plugin to run logic whenever a “like” occurs? I can’t find a relevant `DiscourseEvent`, but I may be missing something.