1 files changed, 15 insertions, 7 deletions

diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
index c4de3315e22..5ccdf843525 100644
--- a/app/controllers/concerns/check_rate_limit.rb
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -5,19 +5,27 @@
 # Controller concern that checks if the rate limit for a given action is throttled by calling the
 # Gitlab::ApplicationRateLimiter class. If the action is throttled for the current user, the request
 # will be logged and an error message will be rendered with a Too Many Requests response status.
+# See lib/api/helpers/rate_limiter.rb for API version
 module CheckRateLimit
-  def check_rate_limit(key)
-    return unless rate_limiter.throttled?(key, scope: current_user, users_allowlist: rate_limit_users_allowlist)
+  def check_rate_limit!(key, scope:, redirect_back: false, **options)
+    return unless rate_limiter.throttled?(key, scope: scope, **options)
 
     rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-    render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
+
+    return yield if block_given?
+
+    message = _('This endpoint has been requested too many times. Try again later.')
+
+    if redirect_back
+      redirect_back_or_default(options: { alert: message })
+    else
+      render plain: message, status: :too_many_requests
+    end
   end
 
+  private
+
   def rate_limiter
     ::Gitlab::ApplicationRateLimiter
   end
-
-  def rate_limit_users_allowlist
-    Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist
-  end
 end