Max_topics_in_first_day for TL1 users seems to not match the blog

Based on the description here (Understanding Discourse Trust Levels), quote:

Users at trust level 1 can…
Use all core Discourse functions; all new user restrictions are removed

One of the user restrictions is (also quote):

Users at trust level 0 cannot
Post more than 3 topics

I think this refers to the setting max_topics_in_first_day which is used in this function (github link):

  # Additional rate limits on topics: per day and private messages per day
  def limit_topics_per_day
    return unless regular?
    if user && user.new_user_posting_on_first_day?
      limit_first_day_topics_per_day
    else
      apply_per_day_rate_limit_for("topics", :max_topics_per_day)
    end
  end

It looks like the new_user_posting_on_first_day doesn’t exactly match the blog page description above. Its implementation is:

  def new_user_posting_on_first_day?
    !staff? && trust_level < TrustLevel[2] &&
      (
        trust_level == TrustLevel[0] || self.first_post_created_at.nil? ||
          self.first_post_created_at >= 24.hours.ago
      )
  end

As per the code: if a user is TL1 and they created their first post within the same day, then this function returns true and the limit max_topics_in_first_day applies

As per the blog: if a user is TL1, all new user restrictions are removed. So I assume ‘max_topics_in_first_day’ should not apply.


My questions:

  1. Is this a bug in the code?
  2. If this is intentional, then is there a dedicated setting to control the number of topics a TL1 user can create on their first day? I’d like it to be higher than that for TL0.

Sorry to bump on this - but we’re trying to fight an ongoing spam attack on our product’s discussion forum :cry:

One of the solutions we’re considering is upgrading new signups to TL1 automatically if they have previously signed up to our product (on an external site), and then to severely restrict all TL0 users.

Based on the current usage pattern, our legitimate users would always start at TL1 whereas spammers would start at TL0. So, being able to rate limit topics for TL0 users specifically would be helpful.

It looks such a setting does not exist. The blog suggests that it should. Hence, I’m wondering if this is a bug. If this is intentional, then please consider my post as a feature request :slightly_smiling_face: