restrict comments for new users that haven't updated their site

app.rb

@@ -122,9 +122,12 @@ post '/site/:username/comment' do |username|
   require_login
 
   site = Site[username: username]
-  redirect request.referrer if site.profile_comments_enabled == false
 
-  if params[:message].empty? || (site.is_blocking?(current_site) || current_site.is_blocking?(site))
+  if(site.profile_comments_enabled == false ||
+     params[:message].empty? ||
+     site.is_blocking?(current_site) ||
+     current_site.is_blocking?(site) ||
+     current_site.commenting_allowed? == false)
     redirect "/site/#{username}"
   end
 
@@ -1191,8 +1194,11 @@ post '/event/:event_id/comment' do |event_id|
 
   site = event.site
 
-  return {result: 'error'}.to_json if site.is_blocking?(current_site)
+  if site.is_blocking?(current_site) ||
-  return {result: 'error'}.to_json if site.profile_comments_enabled == false
+     site.profile_comments_enabled == false ||
+     current_site.commenting_allowed? == false
+    return {result: 'error'}.to_json
+  end
 
   event.add_site_comment current_site, params[:message]
   {result: 'success'}.to_json

migrations/043_add_commenting_allowed_flag.rb

@@ -0,0 +1,9 @@
+Sequel.migration do
+  up {
+    DB.add_column :sites, :commenting_allowed, :boolean, default: false
+  }
+
+  down {
+    DB.drop_column :sites, :commenting_allowed
+  }
+end

models/site.rb

@@ -71,15 +71,13 @@ class Site < Sequel::Model
   ]
 
   SPAM_MATCH_REGEX = ENV['RACK_ENV'] == 'test' ? /pillz/ : /#{$config['spam_smart_filter'].join('|')}/i
-
   EMAIL_SANITY_REGEX = /.+@.+\..+/i
-
   EDITABLE_FILE_EXT = /html|htm|txt|js|css|md/i
-
   BANNED_TIME = 2592000 # 30 days in seconds
-
   TITLE_MAX = 100
 
+  COMMENTING_ALLOWED_UPDATED_COUNT = 2
+
   many_to_one :server
 
   many_to_many :tags
@@ -280,6 +278,19 @@ class Site < Sequel::Model
   end
 =end
 
+  def commenting_allowed?
+    return true if commenting_allowed
+
+    if events_dataset.exclude(site_change_id: nil).count >= COMMENTING_ALLOWED_UPDATED_COUNT &&
+       created_at < Time.now - 604800
+      set commenting_allowed: true
+      save_changes validate: false
+      return true
+    end
+
+    false
+  end
+
   def blocking_site_ids
     @blocking_site_ids ||= blockings_dataset.select(:site_id).all.collect {|s| s.site_id}
   end

views/_news.erb

@@ -22,7 +22,7 @@
       <% event_site = event.site_dataset.select(:id, :username, :title, :domain).first %>
       <a href="/site/<%= actioning_site.username %>" class="user" title="<%= actioning_site.title %>"><%= actioning_site.title.shorten(40) %></a> 
       is following
-      <% if event_site.id == current_site.id %>
+      <% if current_site && event_site.id == current_site.id %>
         your site!
       <% else %>
         <a href="/site/<%= event_site.username %>" class="user" title="<%= event_site.title %>"><%= event_site.title.shorten(40) %></a>
@@ -36,7 +36,7 @@
       <div class="title">
         <div class="icon"></div>
         <% event_site = event.site_dataset.select(:id, :username, :title, :domain).first %>
-        <% if event_site.id == current_site.id %>
+        <% if current_site && event_site.id == current_site.id %>
           Your site was updated.
         <% else %>
           <a href="/site/<%= event_site.username %>" class="user"><%= event_site.title %></a> has been updated.

views/_news_actions.erb

@@ -7,7 +7,7 @@
       <%= event_likes_count %>&nbsp;<%= event_likes_count == 1 ? 'like' : 'likes' %>
     <% end %>
   <% end %>
-  <% if current_site && event.site.profile_comments_enabled %>
+  <% if current_site && event.site.profile_comments_enabled && current_site.commenting_allowed? %>
     <a id="reply" href="#" onclick="Template.renderComment(<%= event.id %>); return false">
       <% if event.profile_comment_id %>
         Reply

views/site.erb

@@ -67,13 +67,32 @@
 <div class="content misc-page columns right-col"><div class="col-left">
   <div class="col col-66">
     <% if current_site && site.profile_comments_enabled %>
+
         <div class="post-comment">
           <form method="POST" action="/site/<%= site.username %>/comment">
             <input name="csrf_token" type="hidden" value="<%= csrf_token %>">
-          <input name="message" type="text" placeholder="Post a message..." autocomplete="off" maxlength="<%= Site::MAX_COMMENT_SIZE %>">
+            <input name="message" 
-          <button class="btn-Action">Post</button>
+                   type="text" 
+                   placeholder="Post a message..."
+                   autocomplete="off"
+                   maxlength="<%= Site::MAX_COMMENT_SIZE %>"
+                   <% unless current_site.commenting_allowed? %>disabled<% end %>
+            >
+            <button class="btn-Action"
+                    <% unless current_site.commenting_allowed? %>disabled<% end %>
+            >Post</button>
           </form>
         </div>
+
+        <% unless current_site.commenting_allowed? %>
+          <div class="post-comment">
+            <p>
+              <small>
+                Note: To prevent spam, you cannot comment until you have updated your site <strong><%= Site::COMMENTING_ALLOWED_UPDATED_COUNT %></strong> times (on <%= Site::COMMENTING_ALLOWED_UPDATED_COUNT %> separate days),<br> and your account is one week old. While waiting, now is a great time to <a href="/dashboard">start building your awesome site!</a>
+              </small>
+            </p>
+          </div>
+        <% end %>
     <% end %>
 
     <% if @latest_events.empty? %>