class LinkController(RedditController):
@cross_domain(allow_credentials=True)
@allow_oauth2_access
@json_validate(
VModhashIfLoggedIn(),
dfp_creative_id=VInt("dfp_creative_id", min=0),
)
def POST_link_from_id(self, responder, dfp_creative_id, *a, **kw):
if (responder.has_errors("dfp_creative_id", errors.BAD_NUMBER)):
return
link = LinksByDfpCreativeId.get(dfp_creative_id)
if link:
_check_edits(link)
if not link:
try:
creative = creatives_service.by_id(dfp_creative_id)
except Exception as e:
g.log.error("dfp error: %s" % e)
abort(404)
link = utils.dfp_creative_to_link(creative)
LinksByDfpCreativeId.add(link)
listing = wrap_links([link])
thing = listing.things[0]
return thing.render()
class SitemapController(MinimalController):
def GET_index(self):
response.content_type = 'application/xml'
return Sitemap.sitemap_index()
@validate(index=VInt('index', 0, 50000))
def GET_subreddits(self, index):
response.content_type = 'application/xml'
try:
return Sitemap.subreddit_sitemap(index)
except tdb_cassandra.NotFound:
return self.abort404()
class LiveUpdateEmbedController(MinimalController):
def __before__(self, event):
MinimalController.__before__(self)
if event:
try:
c.liveupdate_event = LiveUpdateEvent._byID(event)
except tdb_cassandra.NotFound:
pass
if not c.liveupdate_event:
self.abort404()
@validate(
liveupdate=VLiveUpdate('liveupdate'),
embed_index=VInt('embed_index', min=0)
)
def GET_mediaembed(self, liveupdate, embed_index):
if c.errors or request.host != g.media_domain:
# don't serve up untrusted content except on our
# specifically untrusted domain
abort(404)
try:
media_object = liveupdate.media_objects[embed_index]
except IndexError:
abort(404)
embed = get_live_media_embed(media_object)
if not embed:
abort(404)
content = embed.content
c.allow_framing = True
args = {
"body": content,
"unknown_dimensions": not (embed.width and embed.height),
"js_context": {
"liveupdate_id": unicode(liveupdate._id), # UUID serializing
"embed_index": embed_index,
}
}
return pages.LiveUpdateMediaEmbedBody(**args).render()
class PlaceController(RedditController):
def pre(self):
RedditController.pre(self)
if not PLACE_SUBREDDIT.can_view(c.user):
self.abort403()
if c.user.in_timeout:
self.abort403()
if c.user._spam:
self.abort403()
@validate(
is_embed=VBoolean("is_embed"),
is_webview=VBoolean("webview", default=False),
is_palette_hidden=VBoolean('hide_palette', default=False),
)
@allow_oauth2_access
def GET_canvasse(self, is_embed, is_webview, is_palette_hidden):
# oauth will try to force the response into json
# undo that here by hacking extension, content_type, and render_style
try:
del(request.environ['extension'])
except:
pass
request.environ['content_type'] = "text/html; charset=UTF-8"
request.environ['render_style'] = "html"
set_content_type()
websocket_url = websockets.make_url("/place", max_age=3600)
content = PlaceCanvasse()
js_config = {
"place_websocket_url": websocket_url,
"place_canvas_width": CANVAS_WIDTH,
"place_canvas_height": CANVAS_HEIGHT,
"place_cooldown": 0 if c.user_is_admin else PIXEL_COOLDOWN_SECONDS,
"place_fullscreen": is_embed or is_webview,
"place_hide_ui": is_palette_hidden,
}
if c.user_is_loggedin and not c.user_is_admin:
js_config["place_wait_seconds"] = get_wait_seconds(c.user)
# this is a sad duplication of the same from reddit_base :(
# if c.user_is_loggedin:
# PLACE_SUBREDDIT.record_visitor_activity("logged_in", c.user._fullname)
# elif c.loid.serializable:
# PLACE_SUBREDDIT.record_visitor_activity("logged_out", c.loid.loid)
try:
js_config["place_active_visitors"] = get_activity_count()
except ActivityError:
pass
if is_embed:
# ensure we're off the cookie domain before allowing embedding
if request.host != g.media_domain:
abort(404)
c.allow_framing = True
if is_embed or is_webview:
return PlaceEmbedPage(
title="place",
content=content,
extra_js_config=js_config,
).render()
else:
return PlacePage(
title="place",
content=content,
extra_js_config=js_config,
).render()
@json_validate(
VUser(), # NOTE: this will respond with a 200 with an error body
VModhash(),
x=VInt("x", min=0, max=CANVAS_WIDTH, coerce=False),
y=VInt("y", min=0, max=CANVAS_HEIGHT, coerce=False),
color=VInt("color", min=0, max=15),
)
@allow_oauth2_access
def POST_draw(self, responder, x, y, color):
#if c.user._date >= ACCOUNT_CREATION_CUTOFF:
# self.abort403()
if PLACE_SUBREDDIT.is_banned(c.user):
self.abort403()
if x is None:
# copy the error set by VNumber/VInt
c.errors.add(
error_name=errors.BAD_NUMBER,
field="x",
msg_params={
"range": _("%(min)d to %(max)d") % {
"min": 0,
"max": CANVAS_WIDTH,
},
},
)
if y is None:
# copy the error set by VNumber/VInt
c.errors.add(
error_name=errors.BAD_NUMBER,
field="y",
msg_params={
"range": _("%(min)d to %(max)d") % {
"min": 0,
"max": CANVAS_HEIGHT,
},
},
)
if color is None:
c.errors.add(errors.BAD_COLOR, field="color")
if (responder.has_errors("x", errors.BAD_NUMBER) or
responder.has_errors("y", errors.BAD_NUMBER) or
responder.has_errors("color", errors.BAD_COLOR)):
# TODO: return 400 with parsable error message?
return
if c.user_is_admin:
wait_seconds = 0
else:
wait_seconds = get_wait_seconds(c.user)
if wait_seconds > 2:
response.status = 429
request.environ['extra_error_data'] = {
"error": 429,
"wait_seconds": wait_seconds,
}
return
Pixel.create(c.user, color, x, y)
c.user.set_flair(
subreddit=PLACE_SUBREDDIT,
text="({x},{y}) {time}".format(x=x, y=y, time=time.time()),
css_class="place-%s" % color,
)
websockets.send_broadcast(
namespace="/place",
type="place",
payload={
"author": c.user.name,
"x": x,
"y": y,
"color": color,
}
)
events.place_pixel(x, y, color)
cooldown = 0 if c.user_is_admin else PIXEL_COOLDOWN_SECONDS
return {
'wait_seconds': cooldown,
}
@json_validate(
VUser(), # NOTE: this will respond with a 200 with an error body
VAdmin(),
VModhash(),
x=VInt("x", min=0, max=CANVAS_WIDTH, coerce=False),
y=VInt("y", min=0, max=CANVAS_HEIGHT, coerce=False),
width=VInt("width", min=1, max=ADMIN_RECT_DRAW_MAX_SIZE,
coerce=True, num_default=1),
height=VInt("height", min=1, max=ADMIN_RECT_DRAW_MAX_SIZE,
coerce=True, num_default=1),
)
@allow_oauth2_access
def POST_drawrect(self, responder, x, y, width, height):
if x is None:
# copy the error set by VNumber/VInt
c.errors.add(
error_name=errors.BAD_NUMBER,
field="x",
msg_params={
"range": _("%(min)d to %(max)d") % {
"min": 0,
"max": CANVAS_WIDTH,
},
},
)
if y is None:
# copy the error set by VNumber/VInt
c.errors.add(
error_name=errors.BAD_NUMBER,
field="y",
msg_params={
"range": _("%(min)d to %(max)d") % {
"min": 0,
"max": CANVAS_HEIGHT,
},
},
)
if (responder.has_errors("x", errors.BAD_NUMBER) or
responder.has_errors("y", errors.BAD_NUMBER)):
# TODO: return 400 with parsable error message?
return
# prevent drawing outside of the canvas
width = min(CANVAS_WIDTH - x, width)
height = min(CANVAS_HEIGHT - y, height)
batch_payload = []
for _x in xrange(x, x + width):
for _y in xrange(y, y + height):
pixel = Pixel.create(None, 0, _x, _y)
payload = {
"author": '',
"x": _x,
"y": _y,
"color": 0,
}
batch_payload.append(payload)
websockets.send_broadcast(
namespace="/place",
type="batch-place",
payload=batch_payload,
)
@json_validate(
VUser(),
)
@allow_oauth2_access
def GET_time_to_wait(self, responder):
if c.user._date >= ACCOUNT_CREATION_CUTOFF:
self.abort403()
if c.user_is_admin:
wait_seconds = 0
else:
wait_seconds = get_wait_seconds(c.user)
return {
"wait_seconds": wait_seconds,
}
@json_validate(
x=VInt("x", min=0, max=CANVAS_WIDTH, coerce=False),
y=VInt("y", min=0, max=CANVAS_HEIGHT, coerce=False),
)
@allow_oauth2_access
def GET_pixel(self, responder, x, y):
if x is None:
# copy the error set by VNumber/VInt
c.errors.add(
error_name=errors.BAD_NUMBER,
field="x",
msg_params={
"range": _("%(min)d to %(max)d") % {
"min": 0,
"max": CANVAS_WIDTH,
},
},
)
if y is None:
# copy the error set by VNumber/VInt
c.errors.add(
error_name=errors.BAD_NUMBER,
field="y",
msg_params={
"range": _("%(min)d to %(max)d") % {
"min": 0,
"max": CANVAS_HEIGHT,
},
},
)
if (responder.has_errors("x", errors.BAD_NUMBER) or
responder.has_errors("y", errors.BAD_NUMBER)):
return
pixel = Pixel.get_pixel_at(x, y)
if pixel and pixel["user_name"]:
# pixels blanked out by admins will not have a user_name set
return pixel
class PromoteController(ListingController):
where = 'promoted'
render_cls = PromotePage
@property
def title_text(self):
return _('promoted by you')
@classmethod
@memoize('live_by_subreddit', time=300)
def live_by_subreddit(cls, sr):
if sr == Frontpage:
sr_id = ''
else:
sr_id = sr._id
r = LiveAdWeights.get([sr_id])
return [i.link for i in r[sr_id]]
@classmethod
@memoize('subreddits_with_promos', time=3600)
def subreddits_with_promos(cls):
sr_ids = LiveAdWeights.get_live_subreddits()
srs = Subreddit._byID(sr_ids, return_dict=False)
sr_names = sorted([sr.name for sr in srs], key=lambda s: s.lower())
return sr_names
@property
def menus(self):
filters = [
NamedButton('all_promos', dest=''),
NamedButton('future_promos'),
NamedButton('unpaid_promos'),
NamedButton('rejected_promos'),
NamedButton('pending_promos'),
NamedButton('live_promos'),
]
menus = [
NavMenu(filters,
base_path='/promoted',
title='show',
type='lightdrop')
]
if self.sort == 'live_promos' and c.user_is_sponsor:
sr_names = self.subreddits_with_promos()
buttons = [NavButton(name, name) for name in sr_names]
frontbutton = NavButton('FRONTPAGE',
Frontpage.name,
aliases=[
'/promoted/live_promos/%s' %
urllib.quote(Frontpage.name)
])
buttons.insert(0, frontbutton)
buttons.insert(0, NavButton('all', ''))
menus.append(
NavMenu(buttons,
base_path='/promoted/live_promos',
title='subreddit',
type='lightdrop'))
return menus
def keep_fn(self):
def keep(item):
if item.promoted and not item._deleted:
return True
else:
return False
return keep
def query(self):
if c.user_is_sponsor:
if self.sort == "future_promos":
return queries.get_all_unapproved_links()
elif self.sort == "pending_promos":
return queries.get_all_accepted_links()
elif self.sort == "unpaid_promos":
return queries.get_all_unpaid_links()
elif self.sort == "rejected_promos":
return queries.get_all_rejected_links()
elif self.sort == "live_promos" and self.sr:
return self.live_by_subreddit(self.sr)
elif self.sort == 'live_promos':
return queries.get_all_live_links()
elif self.sort == 'underdelivered':
q = queries.get_underdelivered_campaigns()
campaigns = PromoCampaign._by_fullname(list(q),
data=True,
return_dict=False)
link_ids = [camp.link_id for camp in campaigns]
return [Link._fullname_from_id36(to36(id)) for id in link_ids]
return queries.get_all_promoted_links()
else:
if self.sort == "future_promos":
return queries.get_unapproved_links(c.user._id)
elif self.sort == "pending_promos":
return queries.get_accepted_links(c.user._id)
elif self.sort == "unpaid_promos":
return queries.get_unpaid_links(c.user._id)
elif self.sort == "rejected_promos":
return queries.get_rejected_links(c.user._id)
elif self.sort == "live_promos":
return queries.get_live_links(c.user._id)
return queries.get_promoted_links(c.user._id)
@validate(VSponsor(), sr=nop('sr'))
def GET_listing(self, sr=None, sort="", **env):
if not c.user_is_loggedin or not c.user.email_verified:
return self.redirect("/ad_inq")
self.sort = sort
self.sr = None
if sr and sr == Frontpage.name:
self.sr = Frontpage
elif sr:
try:
self.sr = Subreddit._by_name(sr)
except NotFound:
pass
return ListingController.GET_listing(self, **env)
GET_index = GET_listing
@validate(VSponsor())
def GET_new_promo(self):
return PromotePage('content', content=PromoteLinkNew()).render()
@validate(VSponsor('link'), link=VLink('link'))
def GET_edit_promo(self, link):
if not link or link.promoted is None:
return self.abort404()
rendered = wrap_links(link,
wrapper=promote.sponsor_wrapper,
skip=False)
form = PromoteLinkForm(link, rendered)
page = PromotePage('new_promo', content=form)
return page.render()
# admin only because the route might change
@validate(VSponsorAdmin('campaign'), campaign=VPromoCampaign('campaign'))
def GET_edit_promo_campaign(self, campaign):
if not campaign:
return self.abort404()
link = Link._byID(campaign.link_id)
return self.redirect(promote.promo_edit_url(link))
@json_validate(sr=VSubmitSR('sr', promotion=True),
start=VDate('startdate'),
end=VDate('enddate'))
def GET_check_inventory(self, responder, sr, start, end):
sr = sr or Frontpage
available_by_datestr = inventory.get_available_pageviews(sr,
start,
end,
datestr=True)
return {'inventory': available_by_datestr}
@validate(VSponsor(),
dates=VDateRange(["startdate", "enddate"],
max_range=timedelta(days=28),
required=False))
def GET_graph(self, dates):
start, end, bad_dates = _check_dates(dates)
return PromotePage("graph",
content=Promote_Graph(
start, end, bad_dates=bad_dates)).render()
@validate(VSponsorAdmin(),
dates=VDateRange(["startdate", "enddate"],
max_range=timedelta(days=28),
required=False))
def GET_admingraph(self, dates):
start, end, bad_dates = _check_dates(dates)
content = Promote_Graph(start,
end,
bad_dates=bad_dates,
admin_view=True)
if c.render_style == 'csv':
return content.as_csv()
return PromotePage("admingraph", content=content).render()
# ## POST controllers below
@validatedForm(VSponsorAdmin(),
link=VLink("link_id"),
campaign=VPromoCampaign("campaign_id36"))
def POST_freebie(self, form, jquery, link, campaign):
if campaign_has_oversold_error(form, campaign):
form.set_html(".freebie", "target oversold, can't freebie")
return
if promote.is_promo(link) and campaign:
promote.free_campaign(link, campaign, c.user)
form.redirect(promote.promo_edit_url(link))
@validatedForm(VSponsorAdmin(), link=VByName("link"), note=nop("note"))
def POST_promote_note(self, form, jquery, link, note):
if promote.is_promo(link):
text = PromotionLog.add(link, note)
form.find(".notes").children(":last").after("<p>" + text + "</p>")
@noresponse(VSponsorAdmin(), thing=VByName('id'))
def POST_promote(self, thing):
if promote.is_promo(thing):
promote.accept_promotion(thing)
@noresponse(VSponsorAdmin(), thing=VByName('id'), reason=nop("reason"))
def POST_unpromote(self, thing, reason):
if promote.is_promo(thing):
promote.reject_promotion(thing, reason=reason)
@validate(VSponsorAdmin(),
link=VLink("link"),
campaign=VPromoCampaign("campaign"))
def GET_refund(self, link, campaign):
if campaign.link_id != link._id:
return self.abort404()
content = RefundPage(link, campaign)
return Reddit("refund", content=content, show_sidebar=False).render()
@validatedForm(VSponsorAdmin(),
link=VLink('link'),
campaign=VPromoCampaign('campaign'))
def POST_refund_campaign(self, form, jquery, link, campaign):
billable_impressions = promote.get_billable_impressions(campaign)
billable_amount = promote.get_billable_amount(campaign,
billable_impressions)
refund_amount = campaign.bid - billable_amount
if refund_amount > 0:
promote.refund_campaign(link, campaign, billable_amount)
form.set_html('.status', _('refund succeeded'))
else:
form.set_html('.status', _('refund not needed'))
@validatedForm(VSponsor('link_id'),
VModhash(),
VRatelimit(rate_user=True,
rate_ip=True,
prefix='create_promo_'),
VShamedDomain('url'),
l=VLink('link_id'),
title=VTitle('title'),
url=VUrl('url', allow_self=False, lookup=False),
ip=ValidIP(),
disable_comments=VBoolean("disable_comments"),
media_width=VInt("media-width", min=0),
media_height=VInt("media-height", min=0),
media_embed=VLength("media-embed", 1000),
media_override=VBoolean("media-override"),
domain_override=VLength("domain", 100))
def POST_edit_promo(self, form, jquery, ip, l, title, url,
disable_comments, media_height, media_width,
media_embed, media_override, domain_override):
should_ratelimit = False
if not c.user_is_sponsor:
should_ratelimit = True
if not should_ratelimit:
c.errors.remove((errors.RATELIMIT, 'ratelimit'))
# check for shame banned domains
if form.has_errors("url", errors.DOMAIN_BANNED):
g.stats.simple_event('spam.shame.link')
return
# demangle URL in canonical way
if url:
if isinstance(url, (unicode, str)):
form.set_inputs(url=url)
elif isinstance(url, tuple) or isinstance(url[0], Link):
# there's already one or more links with this URL, but
# we're allowing mutliple submissions, so we really just
# want the URL
url = url[0].url
# users can change the disable_comments on promoted links
if ((not l or not promote.is_promoted(l))
and (form.has_errors('title', errors.NO_TEXT, errors.TOO_LONG)
or form.has_errors('url', errors.NO_URL, errors.BAD_URL)
or jquery.has_errors('ratelimit', errors.RATELIMIT))):
return
if not l:
l = promote.new_promotion(title, url, c.user, ip)
elif promote.is_promo(l):
changed = False
# live items can only be changed by a sponsor, and also
# pay the cost of de-approving the link
trusted = c.user_is_sponsor or c.user.trusted_sponsor
if not promote.is_promoted(l) or trusted:
if title and title != l.title:
l.title = title
changed = not trusted
if url and url != l.url:
l.url = url
changed = not trusted
# only trips if the title and url are changed by a non-sponsor
if changed and not promote.is_unpaid(l):
promote.unapprove_promotion(l)
if trusted and promote.is_unapproved(l):
promote.accept_promotion(l)
# comment disabling is free to be changed any time.
l.disable_comments = disable_comments
if c.user_is_sponsor or c.user.trusted_sponsor:
if media_embed and media_width and media_height:
l.media_object = dict(height=media_height,
width=media_width,
content=media_embed,
type='custom')
else:
l.media_object = None
l.media_override = media_override
if getattr(l, "domain_override", False) or domain_override:
l.domain_override = domain_override
l._commit()
form.redirect(promote.promo_edit_url(l))
@validate(VSponsorAdmin())
def GET_roadblock(self):
return PromotePage('content', content=Roadblocks()).render()
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
future=1,
reference_date=promote.promo_datetime_now,
business_days=False,
sponsor_override=True),
sr=VSubmitSR('sr', promotion=True))
def POST_add_roadblock(self, form, jquery, dates, sr):
if (form.has_errors('startdate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE)
or form.has_errors('enddate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE,
errors.BAD_DATE_RANGE)):
return
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
return
if dates and sr:
sd, ed = dates
PromotedLinkRoadblock.add(sr, sd, ed)
jquery.refresh()
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
future=1,
reference_date=promote.promo_datetime_now,
business_days=False,
sponsor_override=True),
sr=VSubmitSR('sr', promotion=True))
def POST_rm_roadblock(self, form, jquery, dates, sr):
if dates and sr:
sd, ed = dates
PromotedLinkRoadblock.remove(sr, sd, ed)
jquery.refresh()
@validatedForm(VSponsor('link_id'),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
future=1,
reference_date=promote.promo_datetime_now,
business_days=False,
sponsor_override=True),
link=VLink('link_id'),
bid=VBid('bid',
min=0,
max=g.max_promote_bid,
coerce=False,
error=errors.BAD_BID),
sr=VSubmitSR('sr', promotion=True),
campaign_id36=nop("campaign_id36"),
targeting=VLength("targeting", 10))
def POST_edit_campaign(self, form, jquery, link, campaign_id36, dates, bid,
sr, targeting):
if not link:
return
start, end = dates or (None, None)
author = Account._byID(link.author_id, data=True)
cpm = author.cpm_selfserve_pennies
if (start and end and not promote.is_accepted(link)
and not c.user_is_sponsor):
# if the ad is not approved already, ensure the start date
# is at least 2 days in the future
start = start.date()
end = end.date()
now = promote.promo_datetime_now()
future = make_offset_date(now,
g.min_promote_future,
business_days=True)
if start < future.date():
c.errors.add(errors.BAD_FUTURE_DATE,
msg_params=dict(day=g.min_promote_future),
field="startdate")
if (form.has_errors('startdate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE)
or form.has_errors('enddate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE,
errors.BAD_DATE_RANGE)):
return
# Limit the number of PromoCampaigns a Link can have
# Note that the front end should prevent the user from getting
# this far
existing_campaigns = list(PromoCampaign._by_link(link._id))
if len(existing_campaigns) > g.MAX_CAMPAIGNS_PER_LINK:
c.errors.add(errors.TOO_MANY_CAMPAIGNS,
msg_params={'count': g.MAX_CAMPAIGNS_PER_LINK},
field='title')
form.has_errors('title', errors.TOO_MANY_CAMPAIGNS)
return
if form.has_errors('bid', errors.BAD_BID):
return
if campaign_id36:
# you cannot edit the bid of a live ad unless it's a freebie
try:
campaign = PromoCampaign._byID36(campaign_id36)
if (bid != campaign.bid
and campaign.start_date < datetime.now(g.tz)
and not campaign.is_freebie()):
c.errors.add(errors.BID_LIVE, field='bid')
form.has_errors('bid', errors.BID_LIVE)
return
except NotFound:
pass
min_bid = 0 if c.user_is_sponsor else g.min_promote_bid
if bid is None or bid < min_bid:
c.errors.add(errors.BAD_BID,
field='bid',
msg_params={
'min': min_bid,
'max': g.max_promote_bid
})
form.has_errors('bid', errors.BAD_BID)
return
if targeting == 'one':
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
# checking to get the error set in the form, but we can't
# check for rate-limiting if there's no subreddit
return
roadblock = PromotedLinkRoadblock.is_roadblocked(sr, start, end)
if roadblock and not c.user_is_sponsor:
msg_params = {
"start": roadblock[0].strftime('%m/%d/%Y'),
"end": roadblock[1].strftime('%m/%d/%Y')
}
c.errors.add(errors.OVERSOLD,
field='sr',
msg_params=msg_params)
form.has_errors('sr', errors.OVERSOLD)
return
elif targeting == 'none':
sr = None
# Check inventory
campaign_id = campaign._id if campaign_id36 else None
if has_oversold_error(form, campaign_id, start, end, bid, cpm, sr):
return
if campaign_id36 is not None:
campaign = PromoCampaign._byID36(campaign_id36)
promote.edit_campaign(link, campaign, dates, bid, cpm, sr)
r = promote.get_renderable_campaigns(link, campaign)
jquery.update_campaign(r.campaign_id36, r.start_date, r.end_date,
r.duration, r.bid, r.spent, r.cpm, r.sr,
r.status)
else:
campaign = promote.new_campaign(link, dates, bid, cpm, sr)
r = promote.get_renderable_campaigns(link, campaign)
jquery.new_campaign(r.campaign_id36, r.start_date, r.end_date,
r.duration, r.bid, r.spent, r.cpm, r.sr,
r.status)
@validatedForm(VSponsor('link_id'),
VModhash(),
l=VLink('link_id'),
campaign=VPromoCampaign("campaign_id36"))
def POST_delete_campaign(self, form, jquery, l, campaign):
if l and campaign:
promote.delete_campaign(l, campaign)
@validatedForm(VSponsor('container'),
VModhash(),
user=VExistingUname('name'),
thing=VByName('container'))
def POST_traffic_viewer(self, form, jquery, user, thing):
"""
Adds a user to the list of users allowed to view a promoted
link's traffic page.
"""
if not form.has_errors("name", errors.USER_DOESNT_EXIST,
errors.NO_USER):
form.set_inputs(name="")
form.set_html(".status:first", _("added"))
if promote.add_traffic_viewer(thing, user):
user_row = TrafficViewerList(thing).user_row(
'traffic_viewer', user)
jquery(".traffic_viewer-table").show().find(
"table").insert_table_rows(user_row)
# send the user a message
msg = user_added_messages['traffic']['pm']['msg']
subj = user_added_messages['traffic']['pm']['subject']
if msg and subj:
d = dict(url=thing.make_permalink_slow(),
traffic_url=promote.promo_traffic_url(thing),
title=thing.title)
msg = msg % d
item, inbox_rel = Message._new(c.user, user, subj, msg,
request.ip)
queries.new_message(item, inbox_rel)
@validatedForm(VSponsor('container'),
VModhash(),
iuser=VByName('id'),
thing=VByName('container'))
def POST_rm_traffic_viewer(self, form, jquery, iuser, thing):
if thing and iuser:
promote.rm_traffic_viewer(thing, iuser)
@validatedForm(
VSponsor('link'),
link=VByName("link"),
campaign=VPromoCampaign("campaign"),
customer_id=VInt("customer_id", min=0),
pay_id=VInt("account", min=0),
edit=VBoolean("edit"),
address=ValidAddress([
"firstName", "lastName", "company", "address", "city", "state",
"zip", "country", "phoneNumber"
],
allowed_countries=g.allowed_pay_countries),
creditcard=ValidCard(["cardNumber", "expirationDate", "cardCode"]))
def POST_update_pay(self, form, jquery, link, campaign, customer_id,
pay_id, edit, address, creditcard):
# Check inventory
if campaign_has_oversold_error(form, campaign):
return
address_modified = not pay_id or edit
form_has_errors = False
if address_modified:
if (form.has_errors([
"firstName", "lastName", "company", "address", "city",
"state", "zip", "country", "phoneNumber"
], errors.BAD_ADDRESS) or form.has_errors(
["cardNumber", "expirationDate", "cardCode"],
errors.BAD_CARD)):
form_has_errors = True
elif g.authorizenetapi:
pay_id = edit_profile(c.user, address, creditcard, pay_id)
else:
pay_id = 1
# if link is in use or finished, don't make a change
if pay_id and not form_has_errors:
# valid bid and created or existing bid id.
# check if already a transaction
if g.authorizenetapi:
success, reason = promote.auth_campaign(
link, campaign, c.user, pay_id)
else:
success = True
if success:
form.redirect(promote.promo_edit_url(link))
else:
form.set_html(
".status", reason
or _("failed to authenticate card. sorry."))
@validate(VSponsor("link"),
link=VLink("link"),
campaign=VPromoCampaign("campaign"))
def GET_pay(self, link, campaign):
# no need for admins to play in the credit card area
if c.user_is_loggedin and c.user._id != link.author_id:
return self.abort404()
if not campaign.link_id == link._id:
return self.abort404()
if g.authorizenetapi:
data = get_account_info(c.user)
content = PaymentForm(link,
campaign,
customer_id=data.customerProfileId,
profiles=data.paymentProfiles,
max_profiles=PROFILE_LIMIT)
else:
content = None
res = LinkInfoPage(link=link, content=content, show_sidebar=False)
return res.render()
def GET_link_thumb(self, *a, **kw):
"""
See GET_upload_sr_image for rationale
"""
return "nothing to see here."
@validate(VSponsor("link_id"),
link=VByName('link_id'),
file=VLength('file', 500 * 1024),
img_type=VImageType('img_type'))
def POST_link_thumb(self, link=None, file=None, img_type='jpg'):
if link and (not promote.is_promoted(link) or c.user_is_sponsor
or c.user.trusted_sponsor):
errors = dict(BAD_CSS_NAME="", IMAGE_ERROR="")
try:
# thumnails for promoted links can change and therefore expire
force_thumbnail(link, file, file_type=".%s" % img_type)
except cssfilter.BadImage:
# if the image doesn't clean up nicely, abort
errors["IMAGE_ERROR"] = _("bad image")
if any(errors.values()):
return UploadedImage("",
"",
"upload",
errors=errors,
form_id="image-upload").render()
else:
link._commit()
return UploadedImage(_('saved'),
thumbnail_url(link),
"",
errors=errors,
form_id="image-upload").render()
@validate(VSponsorAdmin(),
launchdate=VDate('ondate'),
dates=VDateRange(['startdate', 'enddate']),
query_type=VOneOf('q', ('started_on', 'between'), default=None))
def GET_admin(self, launchdate=None, dates=None, query_type=None):
return PromoAdminTool(query_type=query_type,
launchdate=launchdate,
start=dates[0],
end=dates[1]).render()
@validate(VSponsorAdminOrAdminSecret('secret'),
start=VDate('startdate'),
end=VDate('enddate'),
link_text=nop('link_text'),
owner=VAccountByName('owner'))
def GET_report(self, start, end, link_text=None, owner=None):
now = datetime.now(g.tz).replace(hour=0,
minute=0,
second=0,
microsecond=0)
end = end or now - timedelta(days=1)
start = start or end - timedelta(days=7)
links = []
bad_links = []
owner_name = owner.name if owner else ''
if owner:
promo_weights = PromotionWeights.get_campaigns(start,
end,
author_id=owner._id)
campaign_ids = [pw.promo_idx for pw in promo_weights]
campaigns = PromoCampaign._byID(campaign_ids, data=True)
link_ids = {camp.link_id for camp in campaigns.itervalues()}
links.extend(Link._byID(link_ids, data=True, return_dict=False))
if link_text is not None:
id36s = link_text.replace(',', ' ').split()
try:
links_from_text = Link._byID36(id36s, data=True)
except NotFound:
links_from_text = {}
bad_links = [id36 for id36 in id36s if id36 not in links_from_text]
links.extend(links_from_text.values())
content = PromoteReport(links, link_text, owner_name, bad_links, start,
end)
if c.render_style == 'csv':
return content.as_csv()
else:
return PromotePage('report', content=content).render()
class APIv1GoldController(OAuth2OnlyController):
def _gift_using_creddits(self, recipient, months=1, thing_fullname=None,
proxying_for=None):
with creddits_lock(c.user):
if not c.user.employee and c.user.gold_creddits < months:
err = RedditError("INSUFFICIENT_CREDDITS")
self.on_validation_error(err)
note = None
buyer = c.user
if c.user.name.lower() in g.live_config["proxy_gilding_accounts"]:
note = "proxy-%s" % c.user.name
if proxying_for:
try:
buyer = Account._by_name(proxying_for)
except NotFound:
pass
send_gift(
buyer=buyer,
recipient=recipient,
months=months,
days=months * 31,
signed=False,
giftmessage=None,
thing_fullname=thing_fullname,
note=note,
)
if not c.user.employee:
c.user.gold_creddits -= months
c.user._commit()
@require_oauth2_scope("creddits")
@validate(
VUser(),
target=VByName("fullname"),
)
@api_doc(
api_section.gold,
uri="/api/v1/gold/gild/{fullname}",
)
def POST_gild(self, target):
if not isinstance(target, (Comment, Link)):
err = RedditError("NO_THING_ID")
self.on_validation_error(err)
if target.subreddit_slow.quarantine:
err = RedditError("GILDING_NOT_ALLOWED")
self.on_validation_error(err)
self._gift_using_creddits(
recipient=target.author_slow,
thing_fullname=target._fullname,
proxying_for=request.POST.get("proxying_for"),
)
@require_oauth2_scope("creddits")
@validate(
VUser(),
user=VAccountByName("username"),
months=VInt("months", min=1, max=36),
)
@api_doc(
api_section.gold,
uri="/api/v1/gold/give/{username}",
)
def POST_give(self, user, months):
self._gift_using_creddits(
recipient=user,
months=months,
proxying_for=request.POST.get("proxying_for"),
)
class APIv1GoldController(OAuth2ResourceController):
def pre(self):
OAuth2ResourceController.pre(self)
self.authenticate_with_token()
self.set_up_user_context()
self.run_sitewide_ratelimits()
def try_pagecache(self):
pass
@staticmethod
def on_validation_error(error):
abort_with_error(error, error.code or 400)
def _gift_using_creddits(self, recipient, months=1, thing_fullname=None):
with creddits_lock(c.user):
if not c.user.employee and c.user.gold_creddits < months:
err = RedditError("INSUFFICIENT_CREDDITS")
self.on_validation_error(err)
send_gift(
buyer=c.user,
recipient=recipient,
months=months,
days=months * 31,
signed=False,
giftmessage=None,
thing_fullname=thing_fullname,
)
if not c.user.employee:
c.user.gold_creddits -= months
c.user._commit()
@require_oauth2_scope("creddits")
@validate(
target=VByName("fullname"),
)
@api_doc(
api_section.gold,
uri="/api/v1/gold/gild/{fullname}",
)
def POST_gild(self, target):
if not isinstance(target, (Comment, Link)):
err = RedditError("NO_THING_ID")
self.on_validation_error(err)
self._gift_using_creddits(
recipient=target.author_slow,
thing_fullname=target._fullname,
)
@require_oauth2_scope("creddits")
@validate(
user=VAccountByName("username"),
months=VInt("months", min=1, max=36),
)
@api_doc(
api_section.gold,
uri="/api/v1/gold/give/{username}",
)
def POST_give(self, user, months):
self._gift_using_creddits(
recipient=user,
months=months,
)
class IpnController(RedditController):
# Used when buying gold with creddits
@validatedForm(VUser(),
months=VInt("months"),
passthrough=VPrintable("passthrough", max_length=50))
def POST_spendcreddits(self, form, jquery, months, passthrough):
if months is None or months < 1:
form.set_html(".status", _("nice try."))
return
days = months * 31
if not passthrough:
raise ValueError("/spendcreddits got no passthrough?")
blob_key, payment_blob = get_blob(passthrough)
if payment_blob["goldtype"] != "gift":
raise ValueError("/spendcreddits payment_blob %s has goldtype %s" %
(passthrough, payment_blob["goldtype"]))
signed = payment_blob["signed"]
giftmessage = _force_unicode(payment_blob["giftmessage"])
recipient_name = payment_blob["recipient"]
if payment_blob["account_id"] != c.user._id:
fmt = ("/spendcreddits payment_blob %s has userid %d " +
"but c.user._id is %d")
raise ValueError(fmt % passthrough, payment_blob["account_id"],
c.user._id)
try:
recipient = Account._by_name(recipient_name)
except NotFound:
raise ValueError(
"Invalid username %s in spendcreddits, buyer = %s" %
(recipient_name, c.user.name))
if recipient._deleted:
form.set_html(".status", _("that user has deleted their account"))
return
if not c.user.employee:
if months > c.user.gold_creddits:
raise ValueError(
"%s is trying to sneak around the creddit check" %
c.user.name)
c.user.gold_creddits -= months
c.user.gold_creddit_escrow += months
c.user._commit()
comment_id = payment_blob.get("comment")
comment = send_gift(c.user, recipient, months, days, signed,
giftmessage, comment_id)
if not c.user.employee:
c.user.gold_creddit_escrow -= months
c.user._commit()
payment_blob["status"] = "processed"
g.hardcache.set(blob_key, payment_blob, 86400 * 30)
form.set_html(".status", _("the gold has been delivered!"))
form.find("button").hide()
if comment:
gilding_message = make_comment_gold_message(comment,
user_gilded=True)
jquery.gild_comment(comment_id, gilding_message, comment.gildings)
@textresponse(paypal_secret=VPrintable('secret', 50),
payment_status=VPrintable('payment_status', 20),
txn_id=VPrintable('txn_id', 20),
paying_id=VPrintable('payer_id', 50),
payer_email=VPrintable('payer_email', 250),
mc_currency=VPrintable('mc_currency', 20),
mc_gross=VFloat('mc_gross'),
custom=VPrintable('custom', 50))
def POST_ipn(self, paypal_secret, payment_status, txn_id, paying_id,
payer_email, mc_currency, mc_gross, custom):
parameters = request.POST.copy()
# Make sure it's really PayPal
if paypal_secret != g.PAYPAL_SECRET:
log_text("invalid IPN secret",
"%s guessed the wrong IPN secret" % request.ip, "warning")
raise ValueError
# Return early if it's an IPN class we don't care about
response, psl = check_payment_status(payment_status)
if response:
return response
# Return early if it's a txn_type we don't care about
response, subscription = check_txn_type(parameters['txn_type'], psl)
if subscription is None:
subscr_id = None
elif subscription == "new":
subscr_id = parameters['subscr_id']
elif subscription == "cancel":
cancel_subscription(parameters['subscr_id'])
else:
raise ValueError("Weird subscription: %r" % subscription)
if response:
return response
# Check for the debug flag, and if so, dump the IPN dict
if g.cache.get("ipn-debug"):
g.cache.delete("ipn-debug")
dump_parameters(parameters)
if mc_currency != 'USD':
raise ValueError("Somehow got non-USD IPN %r" % mc_currency)
if not (txn_id and paying_id and payer_email and mc_gross):
dump_parameters(parameters)
raise ValueError("Got incomplete IPN")
pennies = int(mc_gross * 100)
months, days = months_and_days_from_pennies(pennies)
# Special case: autorenewal payment
existing = existing_subscription(subscr_id, paying_id, custom)
if existing:
if existing != "deleted account":
create_claimed_gold("P" + txn_id, payer_email, paying_id,
pennies, days, None, existing._id,
c.start_time, subscr_id)
admintools.engolden(existing, days)
g.log.info("Just applied IPN renewal for %s, %d days" %
(existing.name, days))
return "Ok"
# More sanity checks that all non-autorenewals should pass:
if not custom:
dump_parameters(parameters)
raise ValueError("Got IPN with txn_id=%s and no custom" % txn_id)
self.finish(parameters, "P" + txn_id, payer_email, paying_id,
subscr_id, custom, pennies, months, days)
def finish(self, parameters, txn_id, payer_email, paying_id, subscr_id,
custom, pennies, months, days):
blob_key, payment_blob = get_blob(custom)
buyer_id = payment_blob.get('account_id', None)
if not buyer_id:
dump_parameters(parameters)
raise ValueError("No buyer_id in IPN with custom='%s'" % custom)
try:
buyer = Account._byID(buyer_id)
except NotFound:
dump_parameters(parameters)
raise ValueError("Invalid buyer_id %d in IPN with custom='%s'" %
(buyer_id, custom))
if subscr_id:
buyer.gold_subscr_id = subscr_id
instagift = False
if payment_blob['goldtype'] in ('autorenew', 'onetime'):
admintools.engolden(buyer, days)
subject = _("Eureka! Thank you for investing in reddit gold!")
message = _("Thank you for buying reddit gold. Your patronage "
"supports the site and makes future development "
"possible. For example, one month of reddit gold "
"pays for 5 instance hours of reddit's servers.")
message += "\n\n" + strings.gold_benefits_msg
if g.lounge_reddit:
message += "\n* " + strings.lounge_msg
elif payment_blob['goldtype'] == 'creddits':
buyer._incr("gold_creddits", months)
buyer._commit()
subject = _("Eureka! Thank you for investing in reddit gold "
"creddits!")
message = _("Thank you for buying creddits. Your patronage "
"supports the site and makes future development "
"possible. To spend your creddits and spread reddit "
"gold, visit [/gold](/gold) or your favorite "
"person's user page.")
message += "\n\n" + strings.gold_benefits_msg + "\n\n"
message += _("Thank you again for your support, and have fun "
"spreading gold!")
elif payment_blob['goldtype'] == 'gift':
recipient_name = payment_blob.get('recipient', None)
try:
recipient = Account._by_name(recipient_name)
except NotFound:
dump_parameters(parameters)
raise ValueError(
"Invalid recipient_name %s in IPN/GC with custom='%s'" %
(recipient_name, custom))
signed = payment_blob.get("signed", False)
giftmessage = _force_unicode(payment_blob.get("giftmessage", ""))
comment_id = payment_blob.get("comment")
send_gift(buyer, recipient, months, days, signed, giftmessage,
comment_id)
instagift = True
subject = _("Thanks for giving the gift of reddit gold!")
message = _("Your classy gift to %s has been delivered.\n\n"
"Thank you for gifting reddit gold. Your patronage "
"supports the site and makes future development "
"possible.") % recipient.name
message += "\n\n" + strings.gold_benefits_msg + "\n\n"
message += _("Thank you again for your support, and have fun "
"spreading gold!")
else:
dump_parameters(parameters)
raise ValueError("Got status '%s' in IPN/GC" %
payment_blob['status'])
# Reuse the old "secret" column as a place to record the goldtype
# and "custom", just in case we need to debug it later or something
secret = payment_blob['goldtype'] + "-" + custom
if instagift:
status = "instagift"
else:
status = "processed"
create_claimed_gold(txn_id,
payer_email,
paying_id,
pennies,
days,
secret,
buyer_id,
c.start_time,
subscr_id,
status=status)
message = append_random_bottlecap_phrase(message)
send_system_message(buyer, subject, message, distinguished='gold-auto')
payment_blob["status"] = "processed"
g.hardcache.set(blob_key, payment_blob, 86400 * 30)
class StripeController(GoldPaymentController):
name = 'stripe'
webhook_secret = g.STRIPE_WEBHOOK_SECRET
event_type_mappings = {
'charge.succeeded': 'succeeded',
'charge.failed': 'failed',
'charge.refunded': 'refunded',
'charge.dispute.created': 'noop',
'charge.dispute.updated': 'noop',
'charge.dispute.closed': 'noop',
'customer.created': 'noop',
'customer.card.created': 'noop',
'customer.card.deleted': 'noop',
'transfer.created': 'noop',
'transfer.paid': 'noop',
'balance.available': 'noop',
'invoice.created': 'noop',
'invoice.updated': 'noop',
'invoice.payment_succeeded': 'noop',
'invoice.payment_failed': 'failed_subscription',
'invoiceitem.deleted': 'noop',
'customer.subscription.created': 'noop',
'customer.deleted': 'noop',
'customer.updated': 'noop',
'customer.subscription.deleted': 'noop',
'customer.subscription.trial_will_end': 'noop',
'customer.subscription.updated': 'noop',
'dummy': 'noop',
}
@classmethod
def process_response(cls):
event_dict = json.loads(request.body)
event = stripe.Event.construct_from(event_dict, g.STRIPE_SECRET_KEY)
status = event.type
if status == 'invoice.created':
# sent 1 hr before a subscription is charged or immediately for
# a new subscription
invoice = event.data.object
customer_id = invoice.customer
account = account_from_stripe_customer_id(customer_id)
# if the charge hasn't been attempted (meaning this is 1 hr before
# the charge) check that the account can receive the gold
if (not invoice.attempted
and (not account or (account and account._banned))):
# there's no associated account - delete the subscription
# to cancel the charge
g.log.error('no account for stripe invoice: %s', invoice)
try:
customer = stripe.Customer.retrieve(customer_id)
customer.delete()
except stripe.InvalidRequestError:
pass
elif status == 'invoice.payment_failed':
invoice = event.data.object
customer_id = invoice.customer
buyer = account_from_stripe_customer_id(customer_id)
webhook = Webhook(subscr_id=customer_id, buyer=buyer)
return status, webhook
event_type = cls.event_type_mappings.get(status)
if not event_type:
raise ValueError('Stripe: unrecognized status %s' % status)
elif event_type == 'noop':
return status, None
charge = event.data.object
description = charge.description
invoice_id = charge.invoice
transaction_id = 'S%s' % charge.id
pennies = charge.amount
months, days = months_and_days_from_pennies(pennies)
if status == 'charge.failed' and invoice_id:
# we'll get an additional failure notification event of
# "invoice.payment_failed", don't double notify
return 'dummy', None
elif status == 'charge.failed' and not description:
# create_customer can POST successfully but fail to create a
# customer because the card is declined. This will trigger a
# 'charge.failed' notification but without description so we can't
# do anything with it
return 'dummy', None
elif invoice_id:
# subscription charge - special handling
customer_id = charge.customer
buyer = account_from_stripe_customer_id(customer_id)
if not buyer:
charge_date = datetime.fromtimestamp(charge.created, tz=g.tz)
# don't raise exception if charge date is within the past hour
# db replication lag may cause the account lookup to fail
if charge_date < timeago('1 hour'):
raise ValueError('no buyer for charge: %s' % charge.id)
else:
abort(404, "not found")
webhook = Webhook(transaction_id=transaction_id,
subscr_id=customer_id,
pennies=pennies,
months=months,
goldtype='autorenew',
buyer=buyer)
return status, webhook
else:
try:
passthrough, buyer_name = description.split('-', 1)
except (AttributeError, ValueError):
g.log.error('stripe_error on charge: %s', charge)
raise
webhook = Webhook(passthrough=passthrough,
transaction_id=transaction_id,
pennies=pennies,
months=months)
return status, webhook
@classmethod
@handle_stripe_error
def create_customer(cls, form, token):
description = c.user.name
customer = stripe.Customer.create(card=token, description=description)
if (customer['active_card']['address_line1_check'] == 'fail'
or customer['active_card']['address_zip_check'] == 'fail'):
form.set_html('.status', _('error: address verification failed'))
form.find('.stripe-submit').removeAttr('disabled').end()
return None
elif customer['active_card']['cvc_check'] == 'fail':
form.set_html('.status', _('error: cvc check failed'))
form.find('.stripe-submit').removeAttr('disabled').end()
return None
else:
return customer
@classmethod
@handle_stripe_error
def charge_customer(cls, form, customer, pennies, passthrough):
charge = stripe.Charge.create(amount=pennies,
currency="usd",
customer=customer['id'],
description='%s-%s' %
(passthrough, c.user.name))
return charge
@classmethod
@handle_stripe_error
def set_creditcard(cls, form, user, token):
if not user.has_stripe_subscription:
return
customer = stripe.Customer.retrieve(user.gold_subscr_id)
customer.card = token
customer.save()
return customer
@classmethod
@handle_stripe_error
def set_subscription(cls, form, customer, plan_id):
subscription = customer.update_subscription(plan=plan_id)
return subscription
@classmethod
@handle_stripe_error
def cancel_subscription(cls, form, user):
if not user.has_stripe_subscription:
return
customer = stripe.Customer.retrieve(user.gold_subscr_id)
customer.delete()
user.gold_subscr_id = None
user._commit()
subject = _('your gold subscription has been cancelled')
message = _('if you have any questions please email %(email)s')
message %= {'email': g.goldthanks_email}
send_system_message(user, subject, message)
return customer
@validatedForm(VUser(),
token=nop('stripeToken'),
passthrough=VPrintable("passthrough", max_length=50),
pennies=VInt('pennies'),
months=VInt("months"),
period=VOneOf("period", ("monthly", "yearly")))
def POST_goldcharge(self, form, jquery, token, passthrough, pennies,
months, period):
"""
Submit charge to stripe.
Called by GoldPayment form. This submits the charge to stripe, and gold
will be applied once we receive a webhook from stripe.
"""
try:
payment_blob = validate_blob(passthrough)
except GoldException as e:
# This should never happen. All fields in the payment_blob
# are validated on creation
form.set_html('.status',
_('something bad happened, try again later'))
g.log.debug('POST_goldcharge: %s' % e.message)
return
if period:
plan_id = (g.STRIPE_MONTHLY_GOLD_PLAN
if period == 'monthly' else g.STRIPE_YEARLY_GOLD_PLAN)
if c.user.has_gold_subscription:
form.set_html(
'.status',
_('your account already has a gold subscription'))
return
else:
plan_id = None
penny_months, days = months_and_days_from_pennies(pennies)
if not months or months != penny_months:
form.set_html('.status', _('stop trying to trick the form'))
return
customer = self.create_customer(form, token)
if not customer:
return
if period:
subscription = self.set_subscription(form, customer, plan_id)
if not subscription:
return
c.user.gold_subscr_id = customer.id
c.user._commit()
status = _('subscription created')
subject = _('reddit gold subscription')
body = _('Your subscription is being processed and reddit gold '
'will be delivered shortly.')
else:
charge = self.charge_customer(form, customer, pennies, passthrough)
if not charge:
return
status = _('payment submitted')
subject = _('reddit gold payment')
body = _('Your payment is being processed and reddit gold '
'will be delivered shortly.')
form.set_html('.status', status)
body = append_random_bottlecap_phrase(body)
send_system_message(c.user, subject, body, distinguished='gold-auto')
@validatedForm(VUser(), VModhash(), token=nop('stripeToken'))
def POST_modify_subscription(self, form, jquery, token):
customer = self.set_creditcard(form, c.user, token)
if not customer:
return
form.set_html('.status', _('your payment details have been updated'))
@validatedForm(VUser(), VModhash(), user=VByName('user'))
def POST_cancel_subscription(self, form, jquery, user):
if user != c.user and not c.user_is_admin:
self.abort403()
customer = self.cancel_subscription(form, user)
if not customer:
return
form.set_html(".status", _("your subscription has been cancelled"))
class APIv1GoldController(OAuth2ResourceController):
handles_csrf = True
def pre(self):
OAuth2ResourceController.pre(self)
if request.method != "OPTIONS":
self.authenticate_with_token()
self.set_up_user_context()
self.run_sitewide_ratelimits()
def try_pagecache(self):
pass
@staticmethod
def on_validation_error(error):
abort_with_error(error, error.code or 400)
def _gift_using_creddits(self,
recipient,
months=1,
thing_fullname=None,
proxying_for=None):
with creddits_lock(c.user):
if not c.user.employee and c.user.gold_creddits < months:
err = RedditError("INSUFFICIENT_CREDDITS")
self.on_validation_error(err)
note = None
buyer = c.user
if c.user.name.lower() in g.live_config["proxy_gilding_accounts"]:
note = "proxy-%s" % c.user.name
if proxying_for:
try:
buyer = Account._by_name(proxying_for)
except NotFound:
pass
send_gift(
buyer=buyer,
recipient=recipient,
months=months,
days=months * 31,
signed=False,
giftmessage=None,
thing_fullname=thing_fullname,
note=note,
)
if not c.user.employee:
c.user.gold_creddits -= months
c.user._commit()
@require_oauth2_scope("creddits")
@validate(
VUser(),
target=VByName("fullname"),
)
@api_doc(
api_section.gold,
uri="/api/v1/gold/gild/{fullname}",
)
def POST_gild(self, target):
if not isinstance(target, (Comment, Link)):
err = RedditError("NO_THING_ID")
self.on_validation_error(err)
self._gift_using_creddits(
recipient=target.author_slow,
thing_fullname=target._fullname,
proxying_for=request.POST.get("proxying_for"),
)
@require_oauth2_scope("creddits")
@validate(
VUser(),
user=VAccountByName("username"),
months=VInt("months", min=1, max=36),
)
@api_doc(
api_section.gold,
uri="/api/v1/gold/give/{username}",
)
def POST_give(self, user, months):
self._gift_using_creddits(
recipient=user,
months=months,
proxying_for=request.POST.get("proxying_for"),
)
class ButtonApiController(ApiController):
@validate(
VUser(),
VModhash(),
seconds_remaining=VInt('seconds', min=0, max=60),
previous_seconds=VInt('prev_seconds'),
tick_time=nop('tick_time'),
tick_mac=nop('tick_mac'),
)
def POST_press_button(self, seconds_remaining, previous_seconds, tick_time, tick_mac):
if not g.live_config['thebutton_is_active']:
return
if c.user._date > ACCOUNT_CREATION_CUTOFF:
return
user_has_pressed = ButtonPressByUser.has_pressed(c.user)
if user_has_pressed and not c.user.employee:
return
if has_timer_expired():
# time has expired: no longer possible to press the button
return
has_started = has_timer_started()
if not has_started:
# the timer can only be started through reddit-shell
return
cheater = False
if (seconds_remaining is None or
previous_seconds is None or
tick_time is None or
tick_mac is None):
# incomplete info from client, just let them press it anyways
seconds_remaining = max(0, int(get_seconds_left()))
elif not check_tick_mac(previous_seconds, tick_time, tick_mac):
# can't trust the values sent by the client
seconds_remaining = max(0, int(get_seconds_left()))
cheater = True
else:
# client sent a valid mac so we can trust:
# previous_seconds - the timer value at the last tick
# tick_time - the datetime at the last tick
# check to make sure tick_time wasn't too long ago
then = str_to_datetime(tick_time)
now = datetime.now(g.tz)
if then and (now - then).total_seconds() > 60:
# client sent an old (but potentially valid) mac, etc.
seconds_remaining = max(0, int(get_seconds_left()))
cheater = True
# GOTCHA: the client actually sends the same value for
# previous_seconds and seconds_remaining so make sure those match.
# If the client sent down its own ticking down timer as
# seconds_remaining we would want to compare to previous_seconds to
# make sure they weren't too far apart
if previous_seconds != seconds_remaining:
seconds_remaining = max(0, int(get_seconds_left()))
cheater = True
press_button(c.user)
g.stats.simple_event("thebutton.press")
if cheater:
g.stats.simple_event("thebutton.cheater")
# don't flair on first press (the starter)
if not has_started:
return
if user_has_pressed:
# don't flair on multiple employee presses
return
if cheater:
flair_css = "cheater"
elif seconds_remaining > 51:
flair_css = "press-6"
elif seconds_remaining > 41:
flair_css = "press-5"
elif seconds_remaining > 31:
flair_css = "press-4"
elif seconds_remaining > 21:
flair_css = "press-3"
elif seconds_remaining > 11:
flair_css = "press-2"
else:
flair_css = "press-1"
flair_text = "%ss" % seconds_remaining
setattr(c.user, 'flair_%s_text' % g.live_config["thebutton_srid"], flair_text)
setattr(c.user, 'flair_%s_css_class' % g.live_config["thebutton_srid"], flair_css)
c.user._commit()
class PromoteApiController(ApiController):
@json_validate(sr=VSubmitSR('sr', promotion=True),
location=VLocation(),
start=VDate('startdate'),
end=VDate('enddate'))
def GET_check_inventory(self, responder, sr, location, start, end):
sr = sr or Frontpage
if not location or not location.country:
available = inventory.get_available_pageviews(sr,
start,
end,
datestr=True)
else:
available = inventory.get_available_pageviews_geotargeted(
sr, location, start, end, datestr=True)
return {'inventory': available}
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VLink("link_id36"),
campaign=VPromoCampaign("campaign_id36"))
def POST_freebie(self, form, jquery, link, campaign):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
if campaign_has_oversold_error(form, campaign):
form.set_html(".freebie", "target oversold, can't freebie")
return
if promote.is_promo(link) and campaign:
promote.free_campaign(link, campaign, c.user)
form.redirect(promote.promo_edit_url(link))
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VByName("link"),
note=nop("note"))
def POST_promote_note(self, form, jquery, link, note):
if promote.is_promo(link):
text = PromotionLog.add(link, note)
form.find(".notes").children(":last").after("<p>" + websafe(text) +
"</p>")
@noresponse(VSponsorAdmin(), VModhash(), thing=VByName('id'))
def POST_promote(self, thing):
if promote.is_promo(thing):
promote.accept_promotion(thing)
@noresponse(VSponsorAdmin(),
VModhash(),
thing=VByName('id'),
reason=nop("reason"))
def POST_unpromote(self, thing, reason):
if promote.is_promo(thing):
promote.reject_promotion(thing, reason=reason)
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VLink('link'),
campaign=VPromoCampaign('campaign'))
def POST_refund_campaign(self, form, jquery, link, campaign):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
billable_impressions = promote.get_billable_impressions(campaign)
billable_amount = promote.get_billable_amount(campaign,
billable_impressions)
refund_amount = promote.get_refund_amount(campaign, billable_amount)
if refund_amount > 0:
promote.refund_campaign(link, campaign, billable_amount,
billable_impressions)
form.set_html('.status', _('refund succeeded'))
else:
form.set_html('.status', _('refund not needed'))
@validatedForm(VSponsor('link_id36'),
VModhash(),
VRatelimit(rate_user=True,
rate_ip=True,
prefix='create_promo_'),
VShamedDomain('url'),
username=VLength('username', 100, empty_error=None),
l=VLink('link_id36'),
title=VTitle('title'),
url=VUrl('url', allow_self=False),
selftext=VSelfText('text'),
kind=VOneOf('kind', ['link', 'self']),
ip=ValidIP(),
disable_comments=VBoolean("disable_comments"),
sendreplies=VBoolean("sendreplies"),
media_width=VInt("media-width", min=0),
media_height=VInt("media-height", min=0),
media_embed=VLength("media-embed", 1000),
media_override=VBoolean("media-override"),
domain_override=VLength("domain", 100))
def POST_edit_promo(self, form, jquery, ip, username, l, title, url,
selftext, kind, disable_comments, sendreplies,
media_height, media_width, media_embed, media_override,
domain_override):
should_ratelimit = False
if not c.user_is_sponsor:
should_ratelimit = True
if not should_ratelimit:
c.errors.remove((errors.RATELIMIT, 'ratelimit'))
# check for user override
if not l and c.user_is_sponsor and username:
try:
user = Account._by_name(username)
except NotFound:
c.errors.add(errors.USER_DOESNT_EXIST, field="username")
form.set_error(errors.USER_DOESNT_EXIST, "username")
return
if not user.email:
c.errors.add(errors.NO_EMAIL_FOR_USER, field="username")
form.set_error(errors.NO_EMAIL_FOR_USER, "username")
return
if not user.email_verified:
c.errors.add(errors.NO_VERIFIED_EMAIL, field="username")
form.set_error(errors.NO_VERIFIED_EMAIL, "username")
return
else:
user = c.user
# check for shame banned domains
if form.has_errors("url", errors.DOMAIN_BANNED):
g.stats.simple_event('spam.shame.link')
return
# demangle URL in canonical way
if url:
if isinstance(url, (unicode, str)):
form.set_inputs(url=url)
elif isinstance(url, tuple) or isinstance(url[0], Link):
# there's already one or more links with this URL, but
# we're allowing mutliple submissions, so we really just
# want the URL
url = url[0].url
if kind == 'link':
if form.has_errors('url', errors.NO_URL, errors.BAD_URL):
return
# users can change the disable_comments on promoted links
if ((not l or not promote.is_promoted(l))
and (form.has_errors('title', errors.NO_TEXT, errors.TOO_LONG)
or jquery.has_errors('ratelimit', errors.RATELIMIT))):
return
if not l:
l = promote.new_promotion(title, url if kind == 'link' else 'self',
selftext if kind == 'self' else '', user,
ip)
elif promote.is_promo(l):
# changing link type is not allowed
if ((l.is_self and kind == 'link')
or (not l.is_self and kind == 'self')):
c.errors.add(errors.NO_CHANGE_KIND, field="kind")
form.set_error(errors.NO_CHANGE_KIND, "kind")
return
changed = False
# live items can only be changed by a sponsor, and also
# pay the cost of de-approving the link
trusted = c.user_is_sponsor or c.user.trusted_sponsor
if not promote.is_promoted(l) or trusted:
if title and title != l.title:
l.title = title
changed = not trusted
if kind == 'link' and url and url != l.url:
l.url = url
changed = not trusted
# only trips if the title and url are changed by a non-sponsor
if changed:
promote.unapprove_promotion(l)
# selftext can be changed at any time
if kind == 'self':
l.selftext = selftext
# comment disabling and sendreplies is free to be changed any time.
l.disable_comments = disable_comments
l.sendreplies = sendreplies
if c.user_is_sponsor or c.user.trusted_sponsor:
if media_embed and media_width and media_height:
l.media_object = dict(height=media_height,
width=media_width,
content=media_embed,
type='custom')
else:
l.media_object = None
l.media_override = media_override
if getattr(l, "domain_override", False) or domain_override:
l.domain_override = domain_override
l._commit()
form.redirect(promote.promo_edit_url(l))
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
reference_date=promote.promo_datetime_now),
sr=VSubmitSR('sr', promotion=True))
def POST_add_roadblock(self, form, jquery, dates, sr):
if (form.has_errors('startdate', errors.BAD_DATE) or form.has_errors(
'enddate', errors.BAD_DATE, errors.BAD_DATE_RANGE)):
return
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
return
if dates and sr:
sd, ed = dates
PromotedLinkRoadblock.add(sr, sd, ed)
jquery.refresh()
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
reference_date=promote.promo_datetime_now),
sr=VSubmitSR('sr', promotion=True))
def POST_rm_roadblock(self, form, jquery, dates, sr):
if dates and sr:
sd, ed = dates
PromotedLinkRoadblock.remove(sr, sd, ed)
jquery.refresh()
@validatedForm(VSponsor('link_id36'),
VModhash(),
dates=VDateRange(
['startdate', 'enddate'],
earliest=timedelta(days=g.min_promote_future),
latest=timedelta(days=g.max_promote_future),
reference_date=promote.promo_datetime_now,
business_days=True,
sponsor_override=True),
link=VLink('link_id36'),
bid=VFloat('bid', coerce=False),
sr=VSubmitSR('sr', promotion=True),
campaign_id36=nop("campaign_id36"),
targeting=VLength("targeting", 10),
priority=VPriority("priority"),
location=VLocation())
def POST_edit_campaign(self, form, jquery, link, campaign_id36, dates, bid,
sr, targeting, priority, location):
if not link:
return
start, end = dates or (None, None)
if location and sr and not c.user_is_sponsor:
# only sponsors can geotarget on subreddits
location = None
if location and location.metro:
cpm = g.cpm_selfserve_geotarget_metro.pennies
elif location:
cpm = g.cpm_selfserve_geotarget_country.pennies
else:
author = Account._byID(link.author_id, data=True)
cpm = author.cpm_selfserve_pennies
if (form.has_errors('startdate', errors.BAD_DATE,
errors.DATE_TOO_EARLY, errors.DATE_TOO_LATE)
or form.has_errors('enddate', errors.BAD_DATE,
errors.DATE_TOO_EARLY, errors.DATE_TOO_LATE,
errors.BAD_DATE_RANGE)):
return
# Limit the number of PromoCampaigns a Link can have
# Note that the front end should prevent the user from getting
# this far
existing_campaigns = list(PromoCampaign._by_link(link._id))
if len(existing_campaigns) > g.MAX_CAMPAIGNS_PER_LINK:
c.errors.add(errors.TOO_MANY_CAMPAIGNS,
msg_params={'count': g.MAX_CAMPAIGNS_PER_LINK},
field='title')
form.has_errors('title', errors.TOO_MANY_CAMPAIGNS)
return
campaign = None
if campaign_id36:
try:
campaign = PromoCampaign._byID36(campaign_id36)
except NotFound:
pass
if campaign and link._id != campaign.link_id:
return abort(404, 'not found')
if priority.cpm:
min_bid = 0 if c.user_is_sponsor else g.min_promote_bid
max_bid = None if c.user_is_sponsor else g.max_promote_bid
if bid is None or bid < min_bid or (max_bid and bid > max_bid):
c.errors.add(errors.BAD_BID,
field='bid',
msg_params={
'min': min_bid,
'max': max_bid or g.max_promote_bid
})
form.has_errors('bid', errors.BAD_BID)
return
# you cannot edit the bid of a live ad unless it's a freebie
if (campaign and bid != campaign.bid
and promote.is_live_promo(link, campaign)
and not campaign.is_freebie()):
c.errors.add(errors.BID_LIVE, field='bid')
form.has_errors('bid', errors.BID_LIVE)
return
else:
bid = 0. # Set bid to 0 as dummy value
if targeting == 'one':
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
# checking to get the error set in the form, but we can't
# check for rate-limiting if there's no subreddit
return
roadblock = PromotedLinkRoadblock.is_roadblocked(sr, start, end)
if roadblock and not c.user_is_sponsor:
msg_params = {
"start": roadblock[0].strftime('%m/%d/%Y'),
"end": roadblock[1].strftime('%m/%d/%Y')
}
c.errors.add(errors.OVERSOLD,
field='sr',
msg_params=msg_params)
form.has_errors('sr', errors.OVERSOLD)
return
elif targeting == 'none':
sr = None
# Check inventory
campaign = campaign if campaign_id36 else None
if not priority.inventory_override:
oversold = has_oversold_error(form, campaign, start, end, bid, cpm,
sr, location)
if oversold:
return
if campaign:
promote.edit_campaign(link, campaign, dates, bid, cpm, sr,
priority, location)
else:
campaign = promote.new_campaign(link, dates, bid, cpm, sr,
priority, location)
rc = RenderableCampaign.from_campaigns(link, campaign)
jquery.update_campaign(campaign._fullname, rc.render_html())
@validatedForm(VSponsor('link_id36'),
VModhash(),
l=VLink('link_id36'),
campaign=VPromoCampaign("campaign_id36"))
def POST_delete_campaign(self, form, jquery, l, campaign):
if not campaign or not l or l._id != campaign.link_id:
return abort(404, 'not found')
promote.delete_campaign(l, campaign)
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VLink('link_id36'),
campaign=VPromoCampaign("campaign_id36"))
def POST_terminate_campaign(self, form, jquery, link, campaign):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
promote.terminate_campaign(link, campaign)
rc = RenderableCampaign.from_campaigns(link, campaign)
jquery.update_campaign(campaign._fullname, rc.render_html())
@validatedForm(VSponsor('link'),
VModhash(),
link=VByName("link"),
campaign=VPromoCampaign("campaign"),
customer_id=VInt("customer_id", min=0),
pay_id=VInt("account", min=0),
edit=VBoolean("edit"),
address=ValidAddress([
"firstName", "lastName", "company", "address", "city",
"state", "zip", "country", "phoneNumber"
]),
creditcard=ValidCard(
["cardNumber", "expirationDate", "cardCode"]))
def POST_update_pay(self, form, jquery, link, campaign, customer_id,
pay_id, edit, address, creditcard):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
# Check inventory
if campaign_has_oversold_error(form, campaign):
return
address_modified = not pay_id or edit
form_has_errors = False
if address_modified:
if (form.has_errors([
"firstName", "lastName", "company", "address", "city",
"state", "zip", "country", "phoneNumber"
], errors.BAD_ADDRESS) or form.has_errors(
["cardNumber", "expirationDate", "cardCode"],
errors.BAD_CARD)):
form_has_errors = True
elif g.authorizenetapi:
pay_id = edit_profile(c.user, address, creditcard, pay_id)
else:
pay_id = 1
# if link is in use or finished, don't make a change
if pay_id and not form_has_errors:
# valid bid and created or existing bid id.
# check if already a transaction
if g.authorizenetapi:
success, reason = promote.auth_campaign(
link, campaign, c.user, pay_id)
else:
success = True
if success:
form.redirect(promote.promo_edit_url(link))
else:
form.set_html(
".status", reason
or _("failed to authenticate card. sorry."))
@validate(VSponsor("link_name"),
VModhash(),
link=VByName('link_name'),
file=VUploadLength('file', 500 * 1024),
img_type=VImageType('img_type'))
def POST_link_thumb(self, link=None, file=None, img_type='jpg'):
if link and (not promote.is_promoted(link) or c.user_is_sponsor
or c.user.trusted_sponsor):
errors = dict(BAD_CSS_NAME="", IMAGE_ERROR="")
try:
# thumnails for promoted links can change and therefore expire
force_thumbnail(link, file, file_type=".%s" % img_type)
except cssfilter.BadImage:
# if the image doesn't clean up nicely, abort
errors["IMAGE_ERROR"] = _("bad image")
if any(errors.values()):
return UploadedImage("",
"",
"upload",
errors=errors,
form_id="image-upload").render()
else:
link._commit()
return UploadedImage(_('saved'),
thumbnail_url(link),
"",
errors=errors,
form_id="image-upload").render()
class QrCodeController(RedditController):
@validate(
meetup=validators.VMeetup("codename"), )
def GET_portal(self, meetup):
if meetup.state != "closed":
if c.user_is_loggedin:
content = pages.MeetupPortal(meetup=meetup)
else:
content = pages.LoggedOutMeetupPortal(meetup=meetup)
else:
content = pages.ClosedMeetupPortal(meetup=meetup)
return pages.MeatspacePage(content=content,
page_classes=["meatspace-portal"]).render()
@validate(
VUser(),
meetup=validators.VMeetup("codename"),
)
def GET_configure_badge(self, meetup):
if meetup.state not in BADGE_STATES:
return redirect_to("/meetup/%s" % str(meetup._id))
content = pages.ConversationStarterSelector(meetup, c.user)
return pages.MeatspacePage(content=content).render()
@validate(
VUser(),
meetup=validators.VMeetup("codename"),
topic=validators.VConversationStarter("topic"),
)
def GET_badge(self, meetup, topic):
if meetup.state not in BADGE_STATES:
return redirect_to("/meetup/%s" % str(meetup._id))
content = pages.QrCodeBadge(meetup, c.user, topic)
return pages.MeatspaceBadgePage(content=content).render()
@validate(
VUser(),
meetup=validators.VMeetup("codename"),
)
def GET_mobile_badge(self, meetup):
if meetup.state not in BADGE_STATES:
return redirect_to("/meetup/%s" % str(meetup._id))
content = pages.MobileQrCodeBadge(meetup, c.user)
return content.render()
@validate(
VUser(),
meetup=validators.VMeetup("codename"),
other=VExistingUname("user"),
connected_with=VExistingUname("connected-with"),
code=VInt("code"),
)
def GET_connect(self, meetup, other, code, connected_with):
if meetup.state not in CONNECT_STATES:
self.abort404()
content = pages.QrCodeForm(
meetup=meetup,
other=other,
code=code,
connected_with=connected_with,
)
return pages.MeatspacePage(content=content).render()
@validatedForm(
VUser(),
meetup=validators.VMeetup("codename"),
other=VExistingUname("username"),
code=VInt("code"),
)
def POST_connect(self, form, jquery, meetup, other, code):
if meetup.state not in CONNECT_STATES:
self.abort403()
jquery("body .connection-success").hide()
if form.has_errors("username", errors.NO_USER,
errors.USER_DOESNT_EXIST):
return
if c.user == other:
c.errors.add(errors.MEETUP_NOT_WITH_SELF, field="username")
form.set_error(errors.MEETUP_NOT_WITH_SELF, "username")
return
expected_code = utils.make_secret_code(meetup, other)
if code != expected_code:
g.log.warning("%r just tried an invalid code on %r", c.user.name,
other.name)
c.errors.add(errors.MEETUP_INVALID_CODE, field="code")
form.set_error(errors.MEETUP_INVALID_CODE, "code")
return
models.MeetupConnections._connect(meetup, c.user, other)
models.MeetupConnectionsByAccount._connect(meetup, c.user, other)
g.stats.simple_event("meetup.connection")
form.redirect("/meetup/%s/connect?connected-with=%s" %
(meetup._id, other.name))
@validate(
VUser(),
meetup=validators.VMeetup("codename"),
)
def GET_connections(self, meetup):
all_connections = models.MeetupConnectionsByAccount._connections(
meetup, c.user)
connections = [a for a in all_connections if not a._deleted]
content = pages.QrCodeConnections(
meetup=meetup,
connections=connections,
)
return pages.MeatspacePage(content=content).render()
@validate(meetup=validators.VMeetup("codename"))
def GET_connect_shortlink(self, meetup, user, code):
if meetup.state not in CONNECT_STATES:
self.abort404()
params = urllib.urlencode({
"user": user,
"code": code,
})
return redirect_to("/meetup/%s/connect?%s" % (str(meetup._id), params),
_code=301)
class ModmailController(OAuth2OnlyController):
def pre(self):
# Set user_is_admin property on context,
# normally set but this controller does not inherit
# from RedditController
super(ModmailController, self).pre()
admin_usernames = [
name.lower() for name in g.live_config['modmail_admins']
]
c.user_is_admin = False
if c.user_is_loggedin:
c.user_is_admin = c.user.name.lower() in admin_usernames
VNotInTimeout().run()
def post(self):
Session.remove()
super(ModmailController, self).post()
@require_oauth2_scope('modmail')
@validate(
srs=VSRByNames('entity', required=False),
after=VModConversation('after', required=False),
limit=VInt('limit', num_default=25),
sort=VOneOf('sort',
options=('recent', 'mod', 'user'),
default='recent'),
state=VOneOf('state',
options=('new', 'inprogress', 'mod', 'notifications',
'archived', 'highlighted', 'all'),
default='all'),
)
def GET_conversations(self, srs, after, limit, sort, state):
"""Get conversations for logged in user or subreddits
Querystring Params:
entity -- name of the subreddit or a comma separated list of
subreddit names (i.e. iama, pics etc)
limit -- number of elements to retrieve (default: 25)
after -- the id of the last item seen
sort -- parameter on how to sort the results, choices:
recent: max(last_user_update, last_mod_update)
mod: last_mod_update
user: last_user_update
state -- this parameter lets users filter messages by state
choices: new, inprogress, mod, notifications,
archived, highlighted, all
"""
# Retrieve subreddits in question, if entities are passed
# check if a user is a moderator for the passed entities.
# If no entities are passed grab all subreddits the logged in
# user moderates and has modmail permissions for
modded_entities = {}
modded_srs = c.user.moderated_subreddits('mail')
modded_srs = {sr._fullname: sr for sr in modded_srs}
if srs:
for sr in srs.values():
if sr._fullname in modded_srs:
modded_entities[sr._fullname] = sr
else:
return self.send_error(403,
errors.BAD_SR_NAME,
fields='entity')
else:
modded_entities = modded_srs
if not modded_entities:
return self.send_error(404, errors.SR_NOT_FOUND, fields='entity')
# Retrieve conversations for given entities
conversations = ModmailConversation.get_mod_conversations(
modded_entities.values(),
viewer=c.user,
limit=limit,
after=after,
sort=sort,
state=state)
conversation_ids = []
conversations_dict = {}
messages_dict = {}
author_ids = []
# Extract author ids to query for all accounts at once
for conversation in conversations:
author_ids.extend(conversation.author_ids)
author_ids.extend(conversation.mod_action_account_ids)
# Query for associated account object of authors and serialize the
# conversation in the correct context
authors = self._try_get_byID(author_ids, Account, ignore_missing=True)
for conversation in conversations:
conversation_ids.append(conversation.id36)
conversations_dict[
conversation.id36] = conversation.to_serializable(
authors,
modded_entities[conversation.owner_fullname],
)
latest_message = conversation.messages[0]
messages_dict[
latest_message.id36] = latest_message.to_serializable(
modded_entities[conversation.owner_fullname],
authors[latest_message.author_id],
c.user,
)
return simplejson.dumps({
'viewerId': c.user._fullname,
'conversationIds': conversation_ids,
'conversations': conversations_dict,
'messages': messages_dict,
})
@require_oauth2_scope('modmail')
@validate(
entity=VSRByName('srName'),
subject=VLength('subject', max_length=100),
body=VMarkdownLength('body'),
is_author_hidden=VBoolean('isAuthorHidden', default=False),
to=VModConvoRecipient('to', required=False),
)
def POST_conversations(self, entity, subject, body, is_author_hidden, to):
"""Creates a new conversation for a particular SR
This endpoint will create a ModmailConversation object as
well as the first ModmailMessage within the ModmailConversation
object.
POST Params:
srName -- the human readable name of the subreddit
subject -- the subject of the first message in the conversation
body -- the body of the first message in the conversation
isAuthorHidden -- boolean on whether the mod name should be hidden
(only mods can use this flag)
to -- name of the user that a mod wants to create a convo
with (only mods can use this flag)
"""
self._feature_enabled_check(entity)
# make sure the user is not muted when creating a new conversation
if entity.is_muted(c.user) and not c.user_is_admin:
return self.send_error(400, errors.USER_MUTED)
# validate post params
if (errors.USER_BLOCKED, to) in c.errors:
return self.send_error(400, errors.USER_BLOCKED, fields='to')
elif (errors.USER_DOESNT_EXIST, to) in c.errors:
return self.send_error(404, errors.USER_DOESNT_EXIST, fields='to')
if to and not isinstance(to, Account):
return self.send_error(
422,
errors.NO_SR_TO_SR_MESSAGE,
fields='to',
)
# only mods can set a 'to' parameter
if (not entity.is_moderator_with_perms(c.user, 'mail') and to):
return self.send_error(403, errors.MOD_REQUIRED, fields='to')
if to and entity.is_muted(to):
return self.send_error(
400,
errors.MUTED_FROM_SUBREDDIT,
fields='to',
)
try:
conversation = ModmailConversation(
entity,
c.user,
subject,
body,
is_author_hidden=is_author_hidden,
to=to,
)
except MustBeAModError:
return self.send_error(403,
errors.MOD_REQUIRED,
fields='isAuthorHidden')
except Exception as e:
g.log.error('Failed to save conversation: {}'.format(e))
return self.send_error(500, errors.CONVERSATION_NOT_SAVED)
# Create copy of the message in the legacy messaging system as well
if to:
message, inbox_rel = Message._new(
c.user,
to,
subject,
body,
request.ip,
sr=entity,
from_sr=is_author_hidden,
create_modmail=False,
)
else:
message, inbox_rel = Message._new(
c.user,
entity,
subject,
body,
request.ip,
create_modmail=False,
)
queries.new_message(message, inbox_rel)
conversation.set_legacy_first_message_id(message._id)
# Get author associated account object for serialization
# of the newly created conversation object
authors = self._try_get_byID(conversation.author_ids,
Account,
ignore_missing=True)
response.status_code = 201
serializable_convo = conversation.to_serializable(authors,
entity,
all_messages=True,
current_user=c.user)
messages = serializable_convo.pop('messages')
mod_actions = serializable_convo.pop('modActions')
g.events.new_modmail_event(
'ss.send_modmail_message',
conversation,
message=conversation.messages[0],
msg_author=c.user,
sr=entity,
request=request,
context=c,
)
return simplejson.dumps({
'conversation': serializable_convo,
'messages': messages,
'modActions': mod_actions,
})
@require_oauth2_scope('modmail')
@validate(
conversation=VModConversation('conversation_id'),
mark_read=VBoolean('markRead', default=False),
)
def GET_mod_messages(self, conversation, mark_read):
"""Returns all messages for a given conversation id
Url Params:
conversation_id -- this is the id of the conversation you would
like to grab messages for
Querystring Param:
markRead -- if passed the conversation will be marked read when the
conversation is returned
"""
self._validate_vmodconversation()
sr = self._try_get_subreddit_access(conversation, admin_override=True)
authors = self._try_get_byID(list(
set(conversation.author_ids)
| set(conversation.mod_action_account_ids)),
Account,
ignore_missing=True)
serializable_convo = conversation.to_serializable(authors,
sr,
all_messages=True,
current_user=c.user)
messages = serializable_convo.pop('messages')
mod_actions = serializable_convo.pop('modActions')
# Get participant user info for conversation
try:
userinfo = self._get_modmail_userinfo(conversation, sr=sr)
except ValueError:
userinfo = {}
except NotFound:
return self.send_error(404, errors.USER_DOESNT_EXIST)
if mark_read:
conversation.mark_read(c.user)
g.events.new_modmail_event(
'ss.modmail_mark_thread',
conversation,
mark_type='read',
request=request,
context=c,
)
return simplejson.dumps({
'conversation': serializable_convo,
'messages': messages,
'modActions': mod_actions,
'user': userinfo,
})
@require_oauth2_scope('modmail')
def GET_modmail_enabled_srs(self):
# sr_name, sr_icon, subsriber_count, most_recent_action
modded_srs = c.user.moderated_subreddits('mail')
enabled_srs = [
modded_sr for modded_sr in modded_srs
if feature.is_enabled('new_modmail', subreddit=modded_sr.name)
]
recent_convos = ModmailConversation.get_recent_convo_by_sr(enabled_srs)
results = {}
for sr in enabled_srs:
results.update({
sr._fullname: {
'id': sr._fullname,
'name': sr.name,
'icon': sr.icon_img,
'subscribers': sr._ups,
'lastUpdated': recent_convos.get(sr._fullname),
}
})
return simplejson.dumps({'subreddits': results})
@require_oauth2_scope('modmail')
@validate(
conversation=VModConversation('conversation_id'),
msg_body=VMarkdownLength('body'),
is_author_hidden=VBoolean('isAuthorHidden', default=False),
is_internal=VBoolean('isInternal', default=False),
)
def POST_mod_messages(self, conversation, msg_body, is_author_hidden,
is_internal):
"""Creates a new message for a particular ModmailConversation
URL Params:
conversation_id -- id of the conversation to post a new message to
POST Params:
body -- this is the message body
isAuthorHidden -- boolean on whether to hide author, i.e. respond as
the subreddit
isInternal -- boolean to signify a moderator only message
"""
self._validate_vmodconversation()
sr = Subreddit._by_fullname(conversation.owner_fullname)
self._feature_enabled_check(sr)
# make sure the user is not muted before posting a message
if sr.is_muted(c.user):
return self.send_error(400, errors.USER_MUTED)
if conversation.is_internal and not is_internal:
is_internal = True
is_mod = sr.is_moderator(c.user)
if not is_mod and is_author_hidden:
return self.send_error(
403,
errors.MOD_REQUIRED,
fields='isAuthorHidden',
)
elif not is_mod and is_internal:
return self.send_error(
403,
errors.MOD_REQUIRED,
fields='isInternal',
)
try:
if not conversation.is_internal and not conversation.is_auto:
participant = conversation.get_participant_account()
if participant and sr.is_muted(participant):
return self.send_error(
400,
errors.MUTED_FROM_SUBREDDIT,
)
except NotFound:
pass
try:
new_message = conversation.add_message(
c.user,
msg_body,
is_author_hidden=is_author_hidden,
is_internal=is_internal,
)
except:
return self.send_error(500, errors.MODMAIL_MESSAGE_NOT_SAVED)
# Add the message to the legacy messaging system as well (unless it's
# an internal message on a non-internal conversation, since we have no
# way to hide specific messages from the external participant)
legacy_incompatible = is_internal and not conversation.is_internal
if (conversation.legacy_first_message_id and not legacy_incompatible):
first_message = Message._byID(conversation.legacy_first_message_id)
subject = conversation.subject
if not subject.startswith('re: '):
subject = 're: ' + subject
# Retrieve the participant to decide whether to send the message
# to the sr or to the participant. If the currently logged in user
# is the same as the participant then address the message to the
# sr.
recipient = sr
if not is_internal:
try:
participant = (
ModmailConversationParticipant.get_participant(
conversation.id))
is_participant = (
(c.user._id == participant.account_id)
and not sr.is_moderator_with_perms(c.user, 'mail'))
if not is_participant:
recipient = Account._byID(participant.account_id)
except NotFound:
pass
message, inbox_rel = Message._new(
c.user,
recipient,
subject,
msg_body,
request.ip,
parent=first_message,
from_sr=is_author_hidden,
create_modmail=False,
)
queries.new_message(message, inbox_rel)
serializable_convo = conversation.to_serializable(
entity=sr,
all_messages=True,
current_user=c.user,
)
messages = serializable_convo.pop('messages')
g.events.new_modmail_event(
'ss.send_modmail_message',
conversation,
message=new_message,
msg_author=c.user,
sr=sr,
request=request,
context=c,
)
response.status_code = 201
return simplejson.dumps({
'conversation': serializable_convo,
'messages': messages,
})
@require_oauth2_scope('modmail')
@validate(conversation=VModConversation('conversation_id'))
def POST_highlight(self, conversation):
"""Marks a conversation as highlighted."""
self._validate_vmodconversation()
self._try_get_subreddit_access(conversation)
conversation.add_action(c.user, 'highlighted')
conversation.add_highlight()
# Retrieve updated conversation to be returned
updated_convo = self._get_updated_convo(conversation.id, c.user)
g.events.new_modmail_event(
'ss.modmail_mark_thread',
conversation,
mark_type='highlight',
request=request,
context=c,
)
return simplejson.dumps(updated_convo)
@require_oauth2_scope('modmail')
@validate(conversation=VModConversation('conversation_id'))
def DELETE_highlight(self, conversation):
"""Removes a highlight from a conversation."""
self._validate_vmodconversation()
self._try_get_subreddit_access(conversation)
conversation.add_action(c.user, 'unhighlighted')
conversation.remove_highlight()
# Retrieve updated conversation to be returned
updated_convo = self._get_updated_convo(conversation.id, c.user)
g.events.new_modmail_event(
'ss.modmail_mark_thread',
conversation,
mark_type='unhighlight',
request=request,
context=c,
)
return simplejson.dumps(updated_convo)
@require_oauth2_scope('modmail')
@validate(ids=VList('conversationIds'))
def POST_unread(self, ids):
"""Marks conversations as unread for the user.
Expects a list of conversation IDs.
"""
if not ids:
return self.send_error(400, 'Must pass an id or list of ids.')
try:
ids = [int(id, base=36) for id in ids]
except:
return self.send_error(422, 'Must pass base 36 ids.')
try:
convos = self._get_conversation_access(ids)
except ValueError:
return self.send_error(
403,
errors.INVALID_CONVERSATION_ID,
fields='conversationIds',
)
ModmailConversationUnreadState.mark_unread(
c.user, [convo.id for convo in convos])
@require_oauth2_scope('modmail')
@validate(ids=VList('conversationIds'))
def POST_read(self, ids):
"""Marks a conversations as read for the user.
Expects a list of conversation IDs.
"""
if not ids:
return self.send_error(400, 'Must pass an id or list of ids.')
try:
ids = [int(id, base=36) for id in ids]
except:
return self.send_error(422, 'Must pass base 36 ids.')
try:
convos = self._get_conversation_access(ids)
except ValueError:
return self.send_error(
403,
errors.INVALID_CONVERSATION_ID,
fields='conversationIds',
)
response.status_code = 204
ModmailConversationUnreadState.mark_read(
c.user, [convo.id for convo in convos])
@require_oauth2_scope('modmail')
@validate(
ids=VList('conversationIds'),
archive=VBoolean('archive', default=True),
)
def POST_archive_status(self, ids, archive):
try:
convos = self._get_conversation_access(
[int(id, base=36) for id in ids])
except ValueError:
return self.send_error(
403,
errors.INVALID_CONVERSATION_ID,
fields='conversationIds',
)
convo_ids = []
for convo in convos:
if convo.is_internal:
return self.send_error(
422,
errors.CONVERSATION_NOT_ARCHIVABLE,
fields='conversationIds',
)
convo_ids.append(convo.id)
if not archive:
ModmailConversation.set_states(
convo_ids, ModmailConversation.STATE['inprogress'])
else:
ModmailConversation.set_states(
convo_ids, ModmailConversation.STATE['archived'])
response.status_code = 204
@require_oauth2_scope('modmail')
@validate(conversation=VModConversation('conversation_id'))
def POST_archive(self, conversation):
self._validate_vmodconversation()
sr = Subreddit._by_fullname(conversation.owner_fullname)
self._feature_enabled_check(sr)
if sr.is_moderator_with_perms(c.user, 'mail'):
if conversation.state == ModmailConversation.STATE['archived']:
response.status_code = 204
return
if conversation.is_internal:
return self.send_error(
422,
errors.CONVERSATION_NOT_ARCHIVABLE,
)
conversation.add_action(c.user, 'archived')
conversation.set_state('archived')
updated_convo = self._get_updated_convo(conversation.id, c.user)
g.events.new_modmail_event(
'ss.modmail_mark_thread',
conversation,
mark_type='archive',
request=request,
context=c,
)
return simplejson.dumps(updated_convo)
else:
return self.send_error(403, errors.INVALID_MOD_PERMISSIONS)
@require_oauth2_scope('modmail')
@validate(conversation=VModConversation('conversation_id'))
def POST_unarchive(self, conversation):
self._validate_vmodconversation()
sr = Subreddit._by_fullname(conversation.owner_fullname)
self._feature_enabled_check(sr)
if sr.is_moderator_with_perms(c.user, 'mail'):
if conversation.state != ModmailConversation.STATE['archived']:
response.status_code = 204
return
if conversation.is_internal:
return self.send_error(
422,
errors.CONVERSATION_NOT_ARCHIVABLE,
)
conversation.add_action(c.user, 'unarchived')
conversation.set_state('inprogress')
updated_convo = self._get_updated_convo(conversation.id, c.user)
g.events.new_modmail_event(
'ss.modmail_mark_thread',
conversation,
mark_type='unarchive',
request=request,
context=c,
)
return simplejson.dumps(updated_convo)
else:
return self.send_error(403, errors.INVALID_MOD_PERMISSIONS)
@require_oauth2_scope('modmail')
def GET_unread_convo_count(self):
"""Endpoint to retrieve the unread conversation count by
category"""
convo_counts = ModmailConversation.unread_convo_count(c.user)
return simplejson.dumps(convo_counts)
@require_oauth2_scope('modmail')
@validate(conversation=VModConversation('conversation_id'))
def GET_modmail_userinfo(self, conversation):
# validate that the currently logged in user is a mod
# of the subreddit associated with the conversation
self._try_get_subreddit_access(conversation, admin_override=True)
try:
userinfo = self._get_modmail_userinfo(conversation)
except (ValueError, NotFound):
return self.send_error(404, errors.USER_DOESNT_EXIST)
return simplejson.dumps(userinfo)
@require_oauth2_scope('identity')
@validate(conversation=VModConversation('conversation_id'))
def POST_mute_participant(self, conversation):
if conversation.is_internal or conversation.is_auto:
return self.send_error(400, errors.CANT_RESTRICT_MODERATOR)
sr = Subreddit._by_fullname(conversation.owner_fullname)
try:
participant = conversation.get_participant_account()
except NotFound:
return self.send_error(404, errors.USER_DOESNT_EXIST)
if not sr.can_mute(c.user, participant):
return self.send_error(400, errors.CANT_RESTRICT_MODERATOR)
if not c.user_is_admin:
if not sr.is_moderator_with_perms(c.user, 'access', 'mail'):
return self.send_error(403, errors.INVALID_MOD_PERMISSIONS)
if sr.use_quotas:
sr_ratelimit = SimpleRateLimit(
name="sr_muted_%s" % sr._id36,
seconds=g.sr_quota_time,
limit=g.sr_muted_quota,
)
if not sr_ratelimit.record_and_check():
return self.send_error(403, errors.SUBREDDIT_RATELIMIT)
# Add the mute record but only if successful create the
# appropriate notifications, this prevents duplicate
# notifications from being sent
added = sr.add_muted(participant)
if not added:
return simplejson.dumps(
self._convo_to_serializable(conversation, all_messages=True))
MutedAccountsBySubreddit.mute(sr, participant, c.user)
permalink = conversation.make_permalink()
# Create the appropriate objects to be displayed on the
# mute moderation log, use the permalink to the new modmail
# system
ModAction.create(sr,
c.user,
'muteuser',
target=participant,
description=permalink)
sr.add_rel_note('muted', participant, permalink)
# Add the muted mod action to the conversation
conversation.add_action(c.user, 'muted', commit=True)
result = self._get_updated_convo(conversation.id, c.user)
result['user'] = self._get_modmail_userinfo(conversation, sr=sr)
return simplejson.dumps(result)
@require_oauth2_scope('identity')
@validate(conversation=VModConversation('conversation_id'))
def POST_unmute_participant(self, conversation):
if conversation.is_internal or conversation.is_auto:
return self.send_error(400, errors.CANT_RESTRICT_MODERATOR)
sr = Subreddit._by_fullname(conversation.owner_fullname)
try:
participant = conversation.get_participant_account()
except NotFound:
abort(404, errors.USER_DOESNT_EXIST)
if not c.user_is_admin:
if not sr.is_moderator_with_perms(c.user, 'access', 'mail'):
return self.send_error(403, errors.INVALID_MOD_PERMISSIONS)
removed = sr.remove_muted(participant)
if not removed:
return simplejson.dumps(
self._convo_to_serializable(conversation, all_messages=True))
MutedAccountsBySubreddit.unmute(sr, participant)
ModAction.create(sr, c.user, 'unmuteuser', target=participant)
conversation.add_action(c.user, 'unmuted', commit=True)
result = self._get_updated_convo(conversation.id, c.user)
result['user'] = self._get_modmail_userinfo(conversation, sr=sr)
return simplejson.dumps(result)
def _get_modmail_userinfo(self, conversation, sr=None):
if conversation.is_internal:
raise ValueError('Cannot get userinfo for internal conversations')
if not sr:
sr = Subreddit._by_fullname(conversation.owner_fullname)
# Retrieve the participant associated with the conversation
try:
account = conversation.get_participant_account()
if not account:
raise ValueError('No account associated with convo')
permatimeout = (account.in_timeout
and account.days_remaining_in_timeout == 0)
if account._deleted or permatimeout:
raise ValueError('User info is inaccessible')
except NotFound:
raise NotFound('Unable to retrieve conversation participant')
# Fetch the mute and ban status of the participant as it relates
# to the subreddit associated with the conversation.
mute_status = sr.is_muted(account)
ban_status = sr.is_banned(account)
# Parse the ban status and retrieve the length of the ban,
# then output the data into a serialiazable dict
ban_result = {
'isBanned': bool(ban_status),
'reason': '',
'endDate': None,
'isPermanent': False
}
if ban_status:
ban_result['reason'] = getattr(ban_status, 'note', '')
ban_duration = sr.get_tempbans('banned', account.name)
ban_duration = ban_duration.get(account.name)
if ban_duration:
ban_result['endDate'] = ban_duration.isoformat()
else:
ban_result['isPermanent'] = True
ban_result['endDate'] = None
# Parse the mute status and retrieve the length of the ban,
# then output the data into the serialiazable dict
mute_result = {
'isMuted': bool(mute_status),
'endDate': None,
'reason': ''
}
if mute_status:
mute_result['reason'] = getattr(mute_status, 'note', '')
muted_items = sr.get_muted_items(account.name)
mute_duration = muted_items.get(account.name)
if mute_duration:
mute_result['endDate'] = mute_duration.isoformat()
# Retrieve the participants post and comment fullnames from cache
post_fullnames = []
comment_fullnames = []
if not account._spam:
post_fullnames = list(queries.get_submitted(account, 'new',
'all'))[:100]
comment_fullnames = list(
queries.get_comments(account, 'new', 'all'))[:100]
# Retrieve the associated link objects for posts and comments
# using the retrieve fullnames, afer the link objects are retrieved
# create a serializable dict with the the necessary information from
# the endpoint.
lookup_fullnames = list(set(post_fullnames) | set(comment_fullnames))
posts = Thing._by_fullname(lookup_fullnames)
serializable_posts = {}
for fullname in post_fullnames:
if len(serializable_posts) == 3:
break
post = posts[fullname]
if post.sr_id == sr._id and not post._deleted:
serializable_posts[fullname] = {
'title': post.title,
'permalink': post.make_permalink(sr, force_domain=True),
'date': post._date.isoformat(),
}
# Extract the users most recent comments associated with the
# subreddit
sr_comments = []
for fullname in comment_fullnames:
if len(sr_comments) == 3:
break
comment = posts[fullname]
if comment.sr_id == sr._id and not comment._deleted:
sr_comments.append(comment)
# Retrieve all associated link objects (combines lookup)
comment_links = Link._byID(
[sr_comment.link_id for sr_comment in sr_comments])
# Serialize all of the user's sr comments
serializable_comments = {}
for sr_comment in sr_comments:
comment_link = comment_links[sr_comment.link_id]
comment_body = sr_comment.body
if len(comment_body) > 140:
comment_body = '{:.140}...'.format(comment_body)
serializable_comments[sr_comment._fullname] = {
'title':
comment_link.title,
'comment':
comment_body,
'permalink':
sr_comment.make_permalink(comment_link, sr, force_domain=True),
'date':
sr_comment._date.isoformat(),
}
return {
'id': account._fullname,
'name': account.name,
'created': account._date.isoformat(),
'banStatus': ban_result,
'isShadowBanned': account._spam,
'muteStatus': mute_result,
'recentComments': serializable_comments,
'recentPosts': serializable_posts,
}
def _get_updated_convo(self, convo_id, user):
# Retrieve updated conversation to be returned
updated_convo = ModmailConversation._byID(convo_id, current_user=user)
return self._convo_to_serializable(updated_convo, all_messages=True)
def _convo_to_serializable(self, conversation, all_messages=False):
serialized_convo = conversation.to_serializable(
all_messages=all_messages, current_user=c.user)
messages = serialized_convo.pop('messages')
mod_actions = serialized_convo.pop('modActions')
return {
'conversations': serialized_convo,
'messages': messages,
'modActions': mod_actions,
}
def _validate_vmodconversation(self):
if (errors.CONVERSATION_NOT_FOUND, 'conversation_id') in c.errors:
return self.send_error(404, errors.CONVERSATION_NOT_FOUND)
def _get_conversation_access(self, ids):
validated_convos = []
conversations = ModmailConversation._byID(ids)
# fetch all srs that a user has modmail permissions to
# transform sr to be a dict with a key being the sr fullname
# and the value being the sr object itself
modded_srs = c.user.moderated_subreddits('mail')
sr_by_fullname = {
sr._fullname: sr
for sr in modded_srs
if feature.is_enabled('new_modmail', subreddit=sr.name)
}
for conversation in tup(conversations):
if sr_by_fullname.get(conversation.owner_fullname):
validated_convos.append(conversation)
else:
raise ValueError('Invalid conversation id(s).')
return validated_convos
def _try_get_byID(self,
ids,
thing_class,
return_dict=True,
ignore_missing=False):
"""Helper method to lookup objects by id for a
given model or return a 404 if not found"""
try:
return thing_class._byID(ids,
return_dict=return_dict,
ignore_missing=ignore_missing)
except NotFound:
return self.send_error(404,
errors.THING_NOT_FOUND,
explanation='{} not found'.format(
thing_class.__name__))
except:
return self.send_error(422, 'Invalid request')
def _try_get_subreddit_access(self, conversation, admin_override=False):
sr = Subreddit._by_fullname(conversation.owner_fullname)
self._feature_enabled_check(sr)
if (not sr.is_moderator_with_perms(c.user, 'mail')
and not (admin_override and c.user_is_admin)):
return self.send_error(
403,
errors.SUBREDDIT_NO_ACCESS,
)
return sr
def _feature_enabled_check(self, sr):
if not feature.is_enabled('new_modmail', subreddit=sr.name):
return self.send_error(403, errors.SR_FEATURE_NOT_ENABLED)
def send_error(self, code, error, fields=None, explanation=None):
abort(
reddit_http_error(
code=code or error.code,
error_name=error,
explanation=explanation,
fields=tup(fields),
))
class WebLogController(RedditController):
on_validation_error = staticmethod(abort_with_error)
@csrf_exempt
@validate(
VRatelimit(rate_user=False, rate_ip=True, prefix='rate_weblog_'),
level=VOneOf('level', ('error', )),
logs=VValidatedJSON(
'logs',
VValidatedJSON.ArrayOf(
VValidatedJSON.PartialObject({
'msg':
VPrintable('msg', max_length=256),
'url':
VPrintable('url', max_length=256),
'tag':
VPrintable('tag', max_length=32),
}))),
)
def POST_message(self, level, logs):
# Whitelist tags to keep the frontend from creating too many keys in statsd
valid_frontend_log_tags = {
'unknown',
'jquery-migrate-bad-html',
}
# prevent simple CSRF by requiring a custom header
if not request.headers.get('X-Loggit'):
abort(403)
uid = c.user._id if c.user_is_loggedin else '-'
# only accept a maximum of 3 entries per request
for log in logs[:3]:
if 'msg' not in log or 'url' not in log:
continue
tag = 'unknown'
if log.get('tag') in valid_frontend_log_tags:
tag = log['tag']
g.stats.simple_event('frontend.error.' + tag)
g.log.warning('[web frontend] %s: %s | U: %s FP: %s UA: %s', level,
log['msg'], uid, log['url'], request.user_agent)
VRatelimit.ratelimit(rate_user=False,
rate_ip=True,
prefix="rate_weblog_",
seconds=10)
def OPTIONS_report_cache_poisoning(self):
"""Send CORS headers for cache poisoning reports."""
if "Origin" not in request.headers:
return
origin = request.headers["Origin"]
parsed_origin = UrlParser(origin)
if not is_subdomain(parsed_origin.hostname, g.domain):
return
response.headers["Access-Control-Allow-Origin"] = origin
response.headers["Access-Control-Allow-Methods"] = "POST"
response.headers["Access-Control-Allow-Headers"] = \
"Authorization, X-Loggit, "
response.headers["Access-Control-Allow-Credentials"] = "false"
response.headers['Access-Control-Expose-Headers'] = \
self.COMMON_REDDIT_HEADERS
@csrf_exempt
@validate(
VRatelimit(rate_user=False, rate_ip=True, prefix='rate_poison_'),
report_mac=VPrintable('report_mac', 255),
poisoner_name=VPrintable('poisoner_name', 255),
poisoner_id=VInt('poisoner_id'),
poisoner_canary=VPrintable('poisoner_canary', 2, min_length=2),
victim_canary=VPrintable('victim_canary', 2, min_length=2),
render_time=VInt('render_time'),
route_name=VPrintable('route_name', 255),
url=VPrintable('url', 2048),
# To differentiate between web and mweb in the future
source=VOneOf('source', ('web', 'mweb')),
cache_policy=VOneOf(
'cache_policy',
('loggedin_www', 'loggedin_www_new', 'loggedin_mweb')),
# JSON-encoded response headers from when our script re-requested
# the poisoned page
resp_headers=nop('resp_headers'),
)
def POST_report_cache_poisoning(
self,
report_mac,
poisoner_name,
poisoner_id,
poisoner_canary,
victim_canary,
render_time,
route_name,
url,
source,
cache_policy,
resp_headers,
):
"""Report an instance of cache poisoning and its details"""
self.OPTIONS_report_cache_poisoning()
if c.errors:
abort(400)
# prevent simple CSRF by requiring a custom header
if not request.headers.get('X-Loggit'):
abort(403)
# Eh? Why are you reporting this if the canaries are the same?
if poisoner_canary == victim_canary:
abort(400)
expected_mac = make_poisoning_report_mac(
poisoner_canary=poisoner_canary,
poisoner_name=poisoner_name,
poisoner_id=poisoner_id,
cache_policy=cache_policy,
source=source,
route_name=route_name,
)
if not constant_time_compare(report_mac, expected_mac):
abort(403)
if resp_headers:
try:
resp_headers = json.loads(resp_headers)
# Verify this is a JSON map of `header_name => [value, ...]`
if not isinstance(resp_headers, dict):
abort(400)
for hdr_name, hdr_vals in resp_headers.iteritems():
if not isinstance(hdr_name, basestring):
abort(400)
if not all(isinstance(h, basestring) for h in hdr_vals):
abort(400)
except ValueError:
abort(400)
if not resp_headers:
resp_headers = {}
poison_info = dict(
poisoner_name=poisoner_name,
poisoner_id=str(poisoner_id),
# Convert the JS timestamp to a standard one
render_time=render_time * 1000,
route_name=route_name,
url=url,
source=source,
cache_policy=cache_policy,
resp_headers=resp_headers,
)
# For immediate feedback when tracking the effects of caching changes
g.stats.simple_event("cache.poisoning.%s.%s" % (source, cache_policy))
# For longer-term diagnosing of caching issues
g.events.cache_poisoning_event(poison_info, request=request, context=c)
VRatelimit.ratelimit(rate_ip=True, prefix="rate_poison_", seconds=10)
return self.api_wrapper({})
class IpnController(RedditController):
# Used when buying gold with creddits
@validatedForm(VUser(),
months = VInt("months"),
passthrough = VPrintable("passthrough", max_length=50))
def POST_spendcreddits(self, form, jquery, months, passthrough):
if months is None or months < 1:
form.set_html(".status", _("nice try."))
return
days = months * 31
if not passthrough:
raise ValueError("/spendcreddits got no passthrough?")
blob_key, payment_blob = get_blob(passthrough)
if payment_blob["goldtype"] != "gift":
raise ValueError("/spendcreddits payment_blob %s has goldtype %s" %
(passthrough, payment_blob["goldtype"]))
signed = payment_blob["signed"]
giftmessage = _force_unicode(payment_blob["giftmessage"])
recipient_name = payment_blob["recipient"]
if payment_blob["account_id"] != c.user._id:
fmt = ("/spendcreddits payment_blob %s has userid %d " +
"but c.user._id is %d")
raise ValueError(fmt % passthrough,
payment_blob["account_id"],
c.user._id)
try:
recipient = Account._by_name(recipient_name)
except NotFound:
raise ValueError("Invalid username %s in spendcreddits, buyer = %s"
% (recipient_name, c.user.name))
if recipient._deleted:
form.set_html(".status", _("that user has deleted their account"))
return
if not c.user_is_admin:
if months > c.user.gold_creddits:
raise ValueError("%s is trying to sneak around the creddit check"
% c.user.name)
c.user.gold_creddits -= months
c.user.gold_creddit_escrow += months
c.user._commit()
comment_id = payment_blob.get("comment")
comment = send_gift(c.user, recipient, months, days, signed,
giftmessage, comment_id)
if not c.user_is_admin:
c.user.gold_creddit_escrow -= months
c.user._commit()
payment_blob["status"] = "processed"
g.hardcache.set(blob_key, payment_blob, 86400 * 30)
form.set_html(".status", _("the gold has been delivered!"))
form.find("button").hide()
if comment:
gilding_message = make_comment_gold_message(comment,
user_gilded=True)
jquery.gild_comment(comment_id, gilding_message, comment.gildings)
@textresponse(full_sn = VLength('serial-number', 100))
def POST_gcheckout(self, full_sn):
if full_sn:
short_sn = full_sn.split('-')[0]
g.log.error( "GOOGLE CHECKOUT: %s" % short_sn)
trans = _google_ordernum_request(short_sn)
# get the financial details
auth = trans.find("authorization-amount-notification")
custom = None
cart = trans.find("shopping-cart")
if cart:
private_item_data = cart.find("merchant-private-item-data")
if private_item_data:
custom = str(private_item_data.contents[0])
if not auth:
# see if the payment was declinded
status = trans.findAll('financial-order-state')
if 'PAYMENT_DECLINED' in [x.contents[0] for x in status]:
g.log.error("google declined transaction found: '%s'" %
short_sn)
elif 'REVIEWING' not in [x.contents[0] for x in status]:
g.log.error(("google transaction not found: " +
"'%s', status: %s")
% (short_sn, [x.contents[0] for x in status]))
else:
g.log.error(("google transaction status: " +
"'%s', status: %s")
% (short_sn, [x.contents[0] for x in status]))
if custom:
payment_blob = validate_blob(custom)
buyer = payment_blob['buyer']
subject = _('gold order')
msg = _('your order has been received and gold will'
' be delivered shortly. please bear with us'
' as google wallet payments can take up to an'
' hour to complete')
try:
send_system_message(buyer, subject, msg)
except MessageError:
g.log.error('gcheckout send_system_message failed')
elif auth.find("financial-order-state"
).contents[0] == "CHARGEABLE":
email = str(auth.find("email").contents[0])
payer_id = str(auth.find('buyer-id').contents[0])
if custom:
days = None
try:
pennies = int(float(trans.find("order-total"
).contents[0])*100)
months, days = months_and_days_from_pennies(pennies)
if not months:
raise ValueError("Bad pennies for %s" % short_sn)
charged = trans.find("charge-amount-notification")
if not charged:
_google_charge_and_ship(short_sn)
parameters = request.POST.copy()
self.finish(parameters, "g%s" % short_sn,
email, payer_id, None,
custom, pennies, months, days)
except ValueError, e:
g.log.error(e)
else:
raise ValueError("Got no custom blob for %s" % short_sn)
return (('<notification-acknowledgment ' +
'xmlns="http://checkout.google.com/schema/2" ' +
'serial-number="%s" />') % full_sn)
else:
class WikiController(RedditController):
allow_stylesheets = True
@require_oauth2_scope("wikiread")
@api_doc(api_section.wiki, uri='/wiki/{page}', uses_site=True)
@validate(pv=VWikiPageAndVersion(('page', 'v', 'v2'),
required=False,
restricted=False,
allow_hidden_revision=False),
page_name=VWikiPageName('page', error_on_name_normalized=True))
def GET_wiki_page(self, pv, page_name):
"""Return the content of a wiki page
If `v` is given, show the wiki page as it was at that version
If both `v` and `v2` are given, show a diff of the two
"""
message = None
if c.errors.get(('PAGE_NAME_NORMALIZED', 'page')):
url = join_urls(c.wiki_base_url, page_name)
return self.redirect(url)
page, version, version2 = pv
if not page:
is_api = c.render_style in extensions.API_TYPES
if this_may_revise():
if is_api:
self.handle_error(404, 'PAGE_NOT_CREATED')
errorpage = WikiNotFound(page=page_name)
request.environ['usable_error_content'] = errorpage.render()
elif is_api:
self.handle_error(404, 'PAGE_NOT_FOUND')
self.abort404()
if version:
edit_by = version.get_author()
edit_date = version.date
else:
edit_by = page.get_author()
edit_date = page._get('last_edit_date')
diffcontent = None
if not version:
content = page.content
if c.is_wiki_mod and page.name in page_descriptions:
message = page_descriptions[page.name]
else:
message = _("viewing revision from %s") % timesince(version.date)
if version2:
t1 = timesince(version.date)
t2 = timesince(version2.date)
timestamp1 = _("%s ago") % t1
timestamp2 = _("%s ago") % t2
message = _("comparing revisions from %(date_1)s and %(date_2)s") \
% {'date_1': t1, 'date_2': t2}
diffcontent = make_htmldiff(version.content, version2.content,
timestamp1, timestamp2)
content = version2.content
else:
message = _("viewing revision from %s ago") % timesince(
version.date)
content = version.content
renderer = RENDERERS_BY_PAGE.get(page.name, 'wiki')
return WikiPageView(content,
alert=message,
v=version,
diff=diffcontent,
may_revise=this_may_revise(page),
edit_by=edit_by,
edit_date=edit_date,
page=page.name,
renderer=renderer).render()
@require_oauth2_scope("wikiread")
@api_doc(api_section.wiki, uri='/wiki/revisions/{page}', uses_site=True)
@paginated_listing(max_page_size=100, backend='cassandra')
@validate(page=VWikiPage(('page'), restricted=False))
def GET_wiki_revisions(self, num, after, reverse, count, page):
"""Retrieve a list of revisions of this wiki `page`"""
revisions = page.get_revisions()
wikiuser = c.user if c.user_is_loggedin else None
builder = WikiRevisionBuilder(revisions,
user=wikiuser,
sr=c.site,
num=num,
reverse=reverse,
count=count,
after=after,
skip=not c.is_wiki_mod,
wrap=default_thing_wrapper(),
page=page)
listing = WikiRevisionListing(builder).listing()
return WikiRevisions(listing,
page=page.name,
may_revise=this_may_revise(page)).render()
@validate(wp=VWikiPageRevise('page'), page=VWikiPageName('page'))
def GET_wiki_create(self, wp, page):
api = c.render_style in extensions.API_TYPES
error = c.errors.get(('WIKI_CREATE_ERROR', 'page'))
if error:
error = error.msg_params
if wp[0]:
return self.redirect(join_urls(c.wiki_base_url, wp[0].name))
elif api:
if error:
self.handle_error(403, **error)
else:
self.handle_error(404, 'PAGE_NOT_CREATED')
elif error:
error_msg = ''
if error['reason'] == 'PAGE_NAME_LENGTH':
error_msg = _(
"this wiki cannot handle page names of that magnitude! please select a page name shorter than %d characters"
) % error['max_length']
elif error['reason'] == 'PAGE_CREATED_ELSEWHERE':
error_msg = _(
"this page is a special page, please go into the subreddit settings and save the field once to create this special page"
)
elif error['reason'] == 'PAGE_NAME_MAX_SEPARATORS':
error_msg = _(
'a max of %d separators "/" are allowed in a wiki page name.'
) % error['max_separators']
return BoringPage(_("Wiki error"), infotext=error_msg).render()
else:
return WikiCreate(page=page, may_revise=True).render()
@validate(wp=VWikiPageRevise('page', restricted=True, required=True))
def GET_wiki_revise(self, wp, page, message=None, **kw):
wp = wp[0]
previous = kw.get('previous', wp._get('revision'))
content = kw.get('content', wp.content)
if not message and wp.name in page_descriptions:
message = page_descriptions[wp.name]
return WikiEdit(content,
previous,
alert=message,
page=wp.name,
may_revise=True).render()
@require_oauth2_scope("wikiread")
@api_doc(api_section.wiki, uri='/wiki/revisions', uses_site=True)
@paginated_listing(max_page_size=100, backend='cassandra')
def GET_wiki_recent(self, num, after, reverse, count):
"""Retrieve a list of recently changed wiki pages in this subreddit"""
revisions = WikiRevision.get_recent(c.site)
wikiuser = c.user if c.user_is_loggedin else None
builder = WikiRecentRevisionBuilder(revisions,
num=num,
count=count,
reverse=reverse,
after=after,
wrap=default_thing_wrapper(),
skip=not c.is_wiki_mod,
user=wikiuser,
sr=c.site)
listing = WikiRevisionListing(builder).listing()
return WikiRecent(listing).render()
@require_oauth2_scope("wikiread")
@api_doc(api_section.wiki, uri='/wiki/pages', uses_site=True)
def GET_wiki_listing(self):
"""Retrieve a list of wiki pages in this subreddit"""
def check_hidden(page):
return page.listed and this_may_view(page)
pages, linear_pages = WikiPage.get_listing(c.site,
filter_check=check_hidden)
return WikiListing(pages, linear_pages).render()
def GET_wiki_redirect(self, page='index'):
return self.redirect(str("%s/%s" % (c.wiki_base_url, page)), code=301)
@require_oauth2_scope("wikiread")
@api_doc(api_section.wiki, uri='/wiki/discussions/{page}', uses_site=True)
@base_listing
@validate(page=VWikiPage('page', restricted=True))
def GET_wiki_discussions(self, page, num, after, reverse, count):
"""Retrieve a list of discussions about this wiki `page`"""
page_url = add_sr("%s/%s" % (c.wiki_base_url, page.name))
builder = url_links_builder(page_url,
num=num,
after=after,
reverse=reverse,
count=count)
listing = LinkListing(builder).listing()
return WikiDiscussions(listing,
page=page.name,
may_revise=this_may_revise(page)).render()
@require_oauth2_scope("modwiki")
@api_doc(api_section.wiki, uri='/wiki/settings/{page}', uses_site=True)
@validate(page=VWikiPage('page', restricted=True, modonly=True))
def GET_wiki_settings(self, page):
"""Retrieve the current permission settings for `page`"""
settings = {
'permlevel': page._get('permlevel', 0),
'listed': page.listed
}
mayedit = page.get_editor_accounts()
restricted = (not page.special) and page.restricted
show_editors = not restricted
return WikiSettings(settings,
mayedit,
show_settings=not page.special,
page=page.name,
show_editors=show_editors,
restricted=restricted,
may_revise=True).render()
@require_oauth2_scope("modwiki")
@api_doc(api_section.wiki, uri='/wiki/settings/{page}', uses_site=True)
@validate(VModhash(),
page=VWikiPage('page', restricted=True, modonly=True),
permlevel=VInt('permlevel'),
listed=VBoolean('listed'))
def POST_wiki_settings(self, page, permlevel, listed):
"""Update the permissions and visibility of wiki `page`"""
oldpermlevel = page.permlevel
try:
page.change_permlevel(permlevel)
except ValueError:
self.handle_error(403, 'INVALID_PERMLEVEL')
if page.listed != listed:
page.listed = listed
page._commit()
verb = 'Relisted' if listed else 'Delisted'
description = '%s page %s' % (verb, page.name)
ModAction.create(c.site,
c.user,
'wikipagelisted',
description=description)
if oldpermlevel != permlevel:
description = 'Page: %s, Changed from %s to %s' % (
page.name, oldpermlevel, permlevel)
ModAction.create(c.site,
c.user,
'wikipermlevel',
description=description)
return self.GET_wiki_settings(page=page.name)
def on_validation_error(self, error):
RedditController.on_validation_error(self, error)
if error.code:
self.handle_error(error.code, error.name)
def handle_error(self, code, reason=None, **data):
abort(reddit_http_error(code, reason, **data))
def pre(self):
RedditController.pre(self)
if g.disable_wiki and not c.user_is_admin:
self.handle_error(403, 'WIKI_DOWN')
if not c.site._should_wiki:
self.handle_error(404, 'NOT_WIKIABLE') # /r/mod for an example
frontpage = isinstance(c.site, DefaultSR)
c.wiki_base_url = join_urls(c.site.path, 'wiki')
c.wiki_api_url = join_urls(c.site.path, '/api/wiki')
c.wiki_id = g.default_sr if frontpage else c.site.name
self.editconflict = False
c.is_wiki_mod = (c.user_is_admin or c.site.is_moderator_with_perms(
c.user, 'wiki')) if c.user_is_loggedin else False
c.wikidisabled = False
mode = c.site.wikimode
if not mode or mode == 'disabled':
if not c.is_wiki_mod:
self.handle_error(403, 'WIKI_DISABLED')
else:
c.wikidisabled = True
# Redirects from the old wiki
def GET_faq(self):
return self.GET_wiki_redirect(page='faq')
GET_help = GET_wiki_redirect
class StripeController(GoldPaymentController):
name = 'stripe'
webhook_secret = g.STRIPE_WEBHOOK_SECRET
event_type_mappings = {
'charge.succeeded': 'succeeded',
'charge.failed': 'failed',
'charge.refunded': 'refunded',
'customer.created': 'noop',
'transfer.created': 'noop',
'transfer.paid': 'noop',
}
@classmethod
def process_response(cls):
event_dict = json.loads(request.body)
event = stripe.Event.construct_from(event_dict, g.STRIPE_SECRET_KEY)
status = event.type
if cls.event_type_mappings.get(status) == 'noop':
return status, None, None, None, None
charge = event.data.object
description = charge.description
try:
passthrough, buyer_name = description.split('-', 1)
except ValueError:
g.log.error('stripe_error on charge: %s', charge)
raise
transaction_id = 'S%s' % charge.id
pennies = charge.amount
months, days = months_and_days_from_pennies(pennies)
return status, passthrough, transaction_id, pennies, months
@validatedForm(VUser(),
token=nop('stripeToken'),
passthrough=VPrintable("passthrough", max_length=50),
pennies=VInt('pennies'),
months=VInt("months"))
def POST_goldcharge(self, form, jquery, token, passthrough, pennies, months):
"""
Submit charge to stripe.
Called by GoldPayment form. This submits the charge to stripe, and gold
will be applied once we receive a webhook from stripe.
"""
try:
payment_blob = validate_blob(passthrough)
except GoldException as e:
# This should never happen. All fields in the payment_blob
# are validated on creation
form.set_html('.status',
_('something bad happened, try again later'))
g.log.debug('POST_goldcharge: %s' % e.message)
return
penny_months, days = months_and_days_from_pennies(pennies)
if not months or months != penny_months:
form.set_html('.status', _('stop trying to trick the form'))
return
stripe.api_key = g.STRIPE_SECRET_KEY
try:
customer = stripe.Customer.create(card=token)
if (customer['active_card']['address_line1_check'] == 'fail' or
customer['active_card']['address_zip_check'] == 'fail'):
form.set_html('.status',
_('error: address verification failed'))
form.find('.stripe-submit').removeAttr('disabled').end()
return
if customer['active_card']['cvc_check'] == 'fail':
form.set_html('.status', _('error: cvc check failed'))
form.find('.stripe-submit').removeAttr('disabled').end()
return
charge = stripe.Charge.create(
amount=pennies,
currency="usd",
customer=customer['id'],
description='%s-%s' % (passthrough, c.user.name)
)
except stripe.CardError as e:
form.set_html('.status', 'error: %s' % e.message)
form.find('.stripe-submit').removeAttr('disabled').end()
except stripe.InvalidRequestError as e:
form.set_html('.status', _('invalid request'))
except stripe.APIConnectionError as e:
form.set_html('.status', _('api error'))
except stripe.AuthenticationError as e:
form.set_html('.status', _('connection error'))
except stripe.StripeError as e:
form.set_html('.status', _('error'))
g.log.error('stripe error: %s' % e)
else:
form.set_html('.status', _('payment submitted'))
# webhook usually sends near instantly, send a message in case
subject = _('gold payment')
msg = _('your payment is being processed and gold will be'
' delivered shortly')
send_system_message(c.user, subject, msg)
class PromoteApiController(ApiController):
@json_validate(sr=VSubmitSR('sr', promotion=True),
collection=VCollection('collection'),
location=VLocation(),
start=VDate('startdate'),
end=VDate('enddate'))
def GET_check_inventory(self, responder, sr, collection, location, start,
end):
if collection:
target = Target(collection)
sr = None
else:
sr = sr or Frontpage
target = Target(sr.name)
if not allowed_location_and_target(location, target):
return abort(403, 'forbidden')
available = inventory.get_available_pageviews(target,
start,
end,
location=location,
datestr=True)
return {'inventory': available}
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VLink("link_id36"),
campaign=VPromoCampaign("campaign_id36"))
def POST_freebie(self, form, jquery, link, campaign):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
if campaign_has_oversold_error(form, campaign):
form.set_text(".freebie", _("target oversold, can't freebie"))
return
if promote.is_promo(link) and campaign:
promote.free_campaign(link, campaign, c.user)
form.redirect(promote.promo_edit_url(link))
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VByName("link"),
note=nop("note"))
def POST_promote_note(self, form, jquery, link, note):
if promote.is_promo(link):
text = PromotionLog.add(link, note)
form.find(".notes").children(":last").after("<p>" + websafe(text) +
"</p>")
@noresponse(VSponsorAdmin(), VModhash(), thing=VByName('id'))
def POST_promote(self, thing):
if promote.is_promo(thing):
promote.accept_promotion(thing)
@noresponse(VSponsorAdmin(),
VModhash(),
thing=VByName('id'),
reason=nop("reason"))
def POST_unpromote(self, thing, reason):
if promote.is_promo(thing):
promote.reject_promotion(thing, reason=reason)
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VLink('link'),
campaign=VPromoCampaign('campaign'))
def POST_refund_campaign(self, form, jquery, link, campaign):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
billable_impressions = promote.get_billable_impressions(campaign)
billable_amount = promote.get_billable_amount(campaign,
billable_impressions)
refund_amount = promote.get_refund_amount(campaign, billable_amount)
if refund_amount > 0:
promote.refund_campaign(link, campaign, billable_amount,
billable_impressions)
form.set_text('.status', _('refund succeeded'))
else:
form.set_text('.status', _('refund not needed'))
@validatedForm(
VSponsor('link_id36'),
VModhash(),
VRatelimit(rate_user=True, rate_ip=True, prefix='create_promo_'),
VShamedDomain('url'),
username=VLength('username', 100, empty_error=None),
l=VLink('link_id36'),
title=VTitle('title'),
url=VUrl('url', allow_self=False),
selftext=VMarkdownLength('text', max_length=40000),
kind=VOneOf('kind', ['link', 'self']),
disable_comments=VBoolean("disable_comments"),
sendreplies=VBoolean("sendreplies"),
media_url=VUrl("media_url",
allow_self=False,
valid_schemes=('http', 'https')),
gifts_embed_url=VUrl("gifts_embed_url",
allow_self=False,
valid_schemes=('http', 'https')),
media_url_type=VOneOf("media_url_type", ("redditgifts", "scrape")),
media_autoplay=VBoolean("media_autoplay"),
media_override=VBoolean("media-override"),
domain_override=VLength("domain", 100),
is_managed=VBoolean("is_managed"),
)
def POST_edit_promo(self, form, jquery, username, l, title, url, selftext,
kind, disable_comments, sendreplies, media_url,
media_autoplay, media_override, gifts_embed_url,
media_url_type, domain_override, is_managed):
should_ratelimit = False
if not c.user_is_sponsor:
should_ratelimit = True
if not should_ratelimit:
c.errors.remove((errors.RATELIMIT, 'ratelimit'))
# check for user override
if not l and c.user_is_sponsor and username:
try:
user = Account._by_name(username)
except NotFound:
c.errors.add(errors.USER_DOESNT_EXIST, field="username")
form.set_error(errors.USER_DOESNT_EXIST, "username")
return
if not user.email:
c.errors.add(errors.NO_EMAIL_FOR_USER, field="username")
form.set_error(errors.NO_EMAIL_FOR_USER, "username")
return
if not user.email_verified:
c.errors.add(errors.NO_VERIFIED_EMAIL, field="username")
form.set_error(errors.NO_VERIFIED_EMAIL, "username")
return
else:
user = c.user
# check for shame banned domains
if form.has_errors("url", errors.DOMAIN_BANNED):
g.stats.simple_event('spam.shame.link')
return
# demangle URL in canonical way
if url:
if isinstance(url, (unicode, str)):
form.set_inputs(url=url)
elif isinstance(url, tuple) or isinstance(url[0], Link):
# there's already one or more links with this URL, but
# we're allowing mutliple submissions, so we really just
# want the URL
url = url[0].url
if kind == 'link':
if form.has_errors('url', errors.NO_URL, errors.BAD_URL):
return
# users can change the disable_comments on promoted links
if ((not l or not promote.is_promoted(l))
and (form.has_errors('title', errors.NO_TEXT, errors.TOO_LONG)
or jquery.has_errors('ratelimit', errors.RATELIMIT))):
return
if kind == 'self' and form.has_errors('text', errors.TOO_LONG):
return
if not l:
# creating a new promoted link
l = promote.new_promotion(title, url if kind == 'link' else 'self',
selftext if kind == 'self' else '', user,
request.ip)
l.domain_override = domain_override or None
if c.user_is_sponsor:
l.managed_promo = is_managed
l._commit()
form.redirect(promote.promo_edit_url(l))
elif not promote.is_promo(l):
return
# changing link type is not allowed
if ((l.is_self and kind == 'link')
or (not l.is_self and kind == 'self')):
c.errors.add(errors.NO_CHANGE_KIND, field="kind")
form.set_error(errors.NO_CHANGE_KIND, "kind")
return
changed = False
# live items can only be changed by a sponsor, and also
# pay the cost of de-approving the link
if not promote.is_promoted(l) or c.user_is_sponsor:
if title and title != l.title:
l.title = title
changed = not c.user_is_sponsor
if kind == 'link' and url and url != l.url:
l.url = url
changed = not c.user_is_sponsor
# only trips if the title and url are changed by a non-sponsor
if changed:
promote.unapprove_promotion(l)
# selftext can be changed at any time
if kind == 'self':
l.selftext = selftext
# comment disabling and sendreplies is free to be changed any time.
l.disable_comments = disable_comments
l.sendreplies = sendreplies
if c.user_is_sponsor:
if (form.has_errors("media_url", errors.BAD_URL)
or form.has_errors("gifts_embed_url", errors.BAD_URL)):
return
scraper_embed = media_url_type == "scrape"
media_url = media_url or None
gifts_embed_url = gifts_embed_url or None
if c.user_is_sponsor and scraper_embed and media_url != l.media_url:
if media_url:
media = _scrape_media(media_url,
autoplay=media_autoplay,
save_thumbnail=False,
use_cache=True)
if media:
l.set_media_object(media.media_object)
l.set_secure_media_object(media.secure_media_object)
l.media_url = media_url
l.gifts_embed_url = None
l.media_autoplay = media_autoplay
else:
c.errors.add(errors.SCRAPER_ERROR, field="media_url")
form.set_error(errors.SCRAPER_ERROR, "media_url")
return
else:
l.set_media_object(None)
l.set_secure_media_object(None)
l.media_url = None
l.gifts_embed_url = None
l.media_autoplay = False
if (c.user_is_sponsor and not scraper_embed
and gifts_embed_url != l.gifts_embed_url):
if gifts_embed_url:
parsed = UrlParser(gifts_embed_url)
if not is_subdomain(parsed.hostname, "redditgifts.com"):
c.errors.add(errors.BAD_URL, field="gifts_embed_url")
form.set_error(errors.BAD_URL, "gifts_embed_url")
return
iframe = """
<iframe class="redditgifts-embed"
src="%(embed_url)s"
width="710" height="500" scrolling="no"
frameborder="0" allowfullscreen>
</iframe>
""" % {
'embed_url': websafe(gifts_embed_url)
}
media_object = {
'oembed': {
'description': 'redditgifts embed',
'height': 500,
'html': iframe,
'provider_name': 'redditgifts',
'provider_url': 'http://www.redditgifts.com/',
'title': 'redditgifts secret santa 2014',
'type': 'rich',
'width': 710
},
'type': 'redditgifts'
}
l.set_media_object(media_object)
l.set_secure_media_object(media_object)
l.media_url = None
l.gifts_embed_url = gifts_embed_url
l.media_autoplay = False
else:
l.set_media_object(None)
l.set_secure_media_object(None)
l.media_url = None
l.gifts_embed_url = None
l.media_autoplay = False
if c.user_is_sponsor:
l.media_override = media_override
l.domain_override = domain_override or None
l.managed_promo = is_managed
l._commit()
form.redirect(promote.promo_edit_url(l))
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
reference_date=promote.promo_datetime_now),
sr=VSubmitSR('sr', promotion=True))
def POST_add_roadblock(self, form, jquery, dates, sr):
if (form.has_errors('startdate', errors.BAD_DATE) or form.has_errors(
'enddate', errors.BAD_DATE, errors.BAD_DATE_RANGE)):
return
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
return
if dates and sr:
sd, ed = dates
PromotedLinkRoadblock.add(sr, sd, ed)
jquery.refresh()
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
reference_date=promote.promo_datetime_now),
sr=VSubmitSR('sr', promotion=True))
def POST_rm_roadblock(self, form, jquery, dates, sr):
if dates and sr:
sd, ed = dates
PromotedLinkRoadblock.remove(sr, sd, ed)
jquery.refresh()
@validatedForm(
VSponsor('link_id36'),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
earliest=timedelta(days=g.min_promote_future),
latest=timedelta(days=g.max_promote_future),
reference_date=promote.promo_datetime_now,
business_days=True,
sponsor_override=True),
link=VLink('link_id36'),
bid=VFloat('bid', coerce=False),
target=VPromoTarget(),
campaign_id36=nop("campaign_id36"),
priority=VPriority("priority"),
location=VLocation(),
)
def POST_edit_campaign(self, form, jquery, link, campaign_id36, dates, bid,
target, priority, location):
if not link:
return
if not target:
# run form.has_errors to populate the errors in the response
form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED)
form.has_errors('collection', errors.COLLECTION_NOEXIST)
form.has_errors('targeting', errors.INVALID_TARGET)
return
start, end = dates or (None, None)
if not allowed_location_and_target(location, target):
return abort(403, 'forbidden')
cpm = PromotionPrices.get_price(target, location)
if (form.has_errors('startdate', errors.BAD_DATE,
errors.DATE_TOO_EARLY, errors.DATE_TOO_LATE)
or form.has_errors('enddate', errors.BAD_DATE,
errors.DATE_TOO_EARLY, errors.DATE_TOO_LATE,
errors.BAD_DATE_RANGE)):
return
# check that start is not so late that authorization hold will expire
if not c.user_is_sponsor:
max_start = promote.get_max_startdate()
if start > max_start:
c.errors.add(
errors.DATE_TOO_LATE,
msg_params={'day': max_start.strftime("%m/%d/%Y")},
field='startdate')
form.has_errors('startdate', errors.DATE_TOO_LATE)
return
# Limit the number of PromoCampaigns a Link can have
# Note that the front end should prevent the user from getting
# this far
existing_campaigns = list(PromoCampaign._by_link(link._id))
if len(existing_campaigns) > g.MAX_CAMPAIGNS_PER_LINK:
c.errors.add(errors.TOO_MANY_CAMPAIGNS,
msg_params={'count': g.MAX_CAMPAIGNS_PER_LINK},
field='title')
form.has_errors('title', errors.TOO_MANY_CAMPAIGNS)
return
campaign = None
if campaign_id36:
try:
campaign = PromoCampaign._byID36(campaign_id36)
except NotFound:
pass
if campaign and link._id != campaign.link_id:
return abort(404, 'not found')
if priority.cpm:
min_bid = 0 if c.user_is_sponsor else g.min_promote_bid
max_bid = None if c.user_is_sponsor else g.max_promote_bid
if bid is None or bid < min_bid or (max_bid and bid > max_bid):
c.errors.add(errors.BAD_BID,
field='bid',
msg_params={
'min': min_bid,
'max': max_bid or g.max_promote_bid
})
form.has_errors('bid', errors.BAD_BID)
return
# you cannot edit the bid of a live ad unless it's a freebie
if (campaign and bid != campaign.bid
and promote.is_live_promo(link, campaign)
and not campaign.is_freebie()):
c.errors.add(errors.BID_LIVE, field='bid')
form.has_errors('bid', errors.BID_LIVE)
return
else:
bid = 0. # Set bid to 0 as dummy value
is_frontpage = (not target.is_collection
and target.subreddit_name == Frontpage.name)
if not target.is_collection and not is_frontpage:
# targeted to a single subreddit, check roadblock
sr = target.subreddits_slow[0]
roadblock = PromotedLinkRoadblock.is_roadblocked(sr, start, end)
if roadblock and not c.user_is_sponsor:
msg_params = {
"start": roadblock[0].strftime('%m/%d/%Y'),
"end": roadblock[1].strftime('%m/%d/%Y')
}
c.errors.add(errors.OVERSOLD,
field='sr',
msg_params=msg_params)
form.has_errors('sr', errors.OVERSOLD)
return
# Check inventory
campaign = campaign if campaign_id36 else None
if not priority.inventory_override:
oversold = has_oversold_error(form, campaign, start, end, bid, cpm,
target, location)
if oversold:
return
if campaign:
promote.edit_campaign(link, campaign, dates, bid, cpm, target,
priority, location)
else:
campaign = promote.new_campaign(link, dates, bid, cpm, target,
priority, location)
rc = RenderableCampaign.from_campaigns(link, campaign)
jquery.update_campaign(campaign._fullname, rc.render_html())
@validatedForm(VSponsor('link_id36'),
VModhash(),
l=VLink('link_id36'),
campaign=VPromoCampaign("campaign_id36"))
def POST_delete_campaign(self, form, jquery, l, campaign):
if not campaign or not l or l._id != campaign.link_id:
return abort(404, 'not found')
promote.delete_campaign(l, campaign)
@validatedForm(VSponsorAdmin(),
VModhash(),
link=VLink('link_id36'),
campaign=VPromoCampaign("campaign_id36"))
def POST_terminate_campaign(self, form, jquery, link, campaign):
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
promote.terminate_campaign(link, campaign)
rc = RenderableCampaign.from_campaigns(link, campaign)
jquery.update_campaign(campaign._fullname, rc.render_html())
@validatedForm(VSponsor('link'),
VModhash(),
link=VByName("link"),
campaign=VPromoCampaign("campaign"),
customer_id=VInt("customer_id", min=0),
pay_id=VInt("account", min=0),
edit=VBoolean("edit"),
address=ValidAddress([
"firstName", "lastName", "company", "address", "city",
"state", "zip", "country", "phoneNumber"
]),
creditcard=ValidCard(
["cardNumber", "expirationDate", "cardCode"]))
def POST_update_pay(self, form, jquery, link, campaign, customer_id,
pay_id, edit, address, creditcard):
if not g.authorizenetapi:
return
if not link or not campaign or link._id != campaign.link_id:
return abort(404, 'not found')
# Check inventory
if campaign_has_oversold_error(form, campaign):
return
# check that start is not so late that authorization hold will expire
max_start = promote.get_max_startdate()
if campaign.start_date > max_start:
msg = _("please change campaign start date to %(date)s or earlier")
date = format_date(max_start, format="short", locale=c.locale)
msg %= {'date': date}
form.set_text(".status", msg)
return
# check the campaign start date is still valid (user may have created
# the campaign a few days ago)
now = promote.promo_datetime_now()
min_start = now + timedelta(days=g.min_promote_future)
if campaign.start_date.date() < min_start.date():
msg = _("please change campaign start date to %(date)s or later")
date = format_date(min_start, format="short", locale=c.locale)
msg %= {'date': date}
form.set_text(".status", msg)
return
address_modified = not pay_id or edit
if address_modified:
address_fields = [
"firstName", "lastName", "company", "address", "city", "state",
"zip", "country", "phoneNumber"
]
card_fields = ["cardNumber", "expirationDate", "cardCode"]
if (form.has_errors(address_fields, errors.BAD_ADDRESS)
or form.has_errors(card_fields, errors.BAD_CARD)):
return
pay_id = edit_profile(c.user, address, creditcard, pay_id)
reason = None
if pay_id:
success, reason = promote.auth_campaign(link, campaign, c.user,
pay_id)
if success:
form.redirect(promote.promo_edit_url(link))
return
msg = reason or _("failed to authenticate card. sorry.")
form.set_text(".status", msg)
@validate(VSponsor("link_name"),
VModhash(),
link=VByName('link_name'),
file=VUploadLength('file', 500 * 1024),
img_type=VImageType('img_type'))
def POST_link_thumb(self, link=None, file=None, img_type='jpg'):
if link and (not promote.is_promoted(link) or c.user_is_sponsor):
errors = dict(BAD_CSS_NAME="", IMAGE_ERROR="")
# thumnails for promoted links can change and therefore expire
force_thumbnail(link, file, file_type=".%s" % img_type)
if any(errors.values()):
return UploadedImage("",
"",
"upload",
errors=errors,
form_id="image-upload").render()
else:
link._commit()
return UploadedImage(_('saved'),
thumbnail_url(link),
"",
errors=errors,
form_id="image-upload").render()
class PromoteController(ListingController):
where = 'promoted'
render_cls = PromotePage
@property
def title_text(self):
return _('promoted by you')
def keep_fn(self):
def keep(item):
if item.promoted and not item._deleted:
return True
else:
return False
return keep
def query(self):
if c.user_is_sponsor:
if self.sort == "future_promos":
return queries.get_all_unapproved_links()
elif self.sort == "pending_promos":
return queries.get_all_accepted_links()
elif self.sort == "unpaid_promos":
return queries.get_all_unpaid_links()
elif self.sort == "rejected_promos":
return queries.get_all_rejected_links()
elif self.sort == "live_promos":
return queries.get_all_live_links()
return queries.get_all_promoted_links()
else:
if self.sort == "future_promos":
return queries.get_unapproved_links(c.user._id)
elif self.sort == "pending_promos":
return queries.get_accepted_links(c.user._id)
elif self.sort == "unpaid_promos":
return queries.get_unpaid_links(c.user._id)
elif self.sort == "rejected_promos":
return queries.get_rejected_links(c.user._id)
elif self.sort == "live_promos":
return queries.get_live_links(c.user._id)
return queries.get_promoted_links(c.user._id)
@validate(VSponsor())
def GET_listing(self, sort="", **env):
if not c.user_is_loggedin or not c.user.email_verified:
return self.redirect("/ad_inq")
self.sort = sort
return ListingController.GET_listing(self, **env)
GET_index = GET_listing
@validate(VSponsor())
def GET_new_promo(self):
return PromotePage('content', content=PromoteLinkForm()).render()
@validate(VSponsor('link'),
link=VLink('link'))
def GET_edit_promo(self, link):
if not link or link.promoted is None:
return self.abort404()
rendered = wrap_links(link, wrapper=promote.sponsor_wrapper,
skip=False)
form = PromoteLinkForm(link=link,
listing=rendered,
timedeltatext="")
page = PromotePage('new_promo', content=form)
return page.render()
# For development. Should eventually replace GET_edit_promo
@validate(VSponsor('link'),
link=VLink('link'))
def GET_edit_promo_cpm(self, link):
if not link or link.promoted is None:
return self.abort404()
rendered = wrap_links(link, wrapper=promote.sponsor_wrapper,
skip=False)
form = PromoteLinkFormCpm(link=link,
listing=rendered,
timedeltatext="")
page = PromotePage('new_promo', content=form)
return page.render()
# admin only because the route might change
@validate(VSponsorAdmin('campaign'),
campaign=VPromoCampaign('campaign'))
def GET_edit_promo_campaign(self, campaign):
if not campaign:
return self.abort404()
link = Link._byID(campaign.link_id)
return self.redirect(promote.promo_edit_url(link))
@validate(VSponsor(),
dates=VDateRange(["startdate", "enddate"],
max_range=timedelta(days=28),
required=False))
def GET_graph(self, dates):
start, end, bad_dates = _check_dates(dates)
return PromotePage("graph",
content=Promote_Graph(
start, end, bad_dates=bad_dates)
).render()
@validate(VSponsorAdmin(),
dates=VDateRange(["startdate", "enddate"],
max_range=timedelta(days=28),
required=False))
def GET_admingraph(self, dates):
start, end, bad_dates = _check_dates(dates)
content = Promote_Graph(start, end, bad_dates=bad_dates,
admin_view=True)
if c.render_style == 'csv':
return content.as_csv()
return PromotePage("admingraph", content=content).render()
def GET_inventory(self, sr_name):
'''
Return available inventory data as json for use in ajax calls
'''
inv_start_date = promote.promo_datetime_now()
inv_end_date = inv_start_date + timedelta(60)
inventory = promote.get_available_impressions(
sr_name,
inv_start_date,
inv_end_date,
fuzzed=(not c.user_is_admin)
)
dates = []
impressions = []
max_imps = 0
for date, imps in inventory.iteritems():
dates.append(date.strftime("%m/%d/%Y"))
impressions.append(imps)
max_imps = max(max_imps, imps)
return json.dumps({'sr':sr_name,
'dates': dates,
'imps':impressions,
'max_imps':max_imps})
# ## POST controllers below
@validatedForm(VSponsorAdmin(),
link=VLink("link_id"),
campaign=VPromoCampaign("campaign_id36"))
def POST_freebie(self, form, jquery, link, campaign):
if promote.is_promo(link) and campaign:
promote.free_campaign(link, campaign, c.user)
form.redirect(promote.promo_edit_url(link))
@validatedForm(VSponsorAdmin(),
link=VByName("link"),
note=nop("note"))
def POST_promote_note(self, form, jquery, link, note):
if promote.is_promo(link):
text = PromotionLog.add(link, note)
form.find(".notes").children(":last").after(
"<p>" + text + "</p>")
@noresponse(VSponsorAdmin(),
thing=VByName('id'))
def POST_promote(self, thing):
if promote.is_promo(thing):
promote.accept_promotion(thing)
@noresponse(VSponsorAdmin(),
thing=VByName('id'),
reason=nop("reason"))
def POST_unpromote(self, thing, reason):
if promote.is_promo(thing):
promote.reject_promotion(thing, reason=reason)
@validatedForm(VSponsor('link_id'),
VModhash(),
VRatelimit(rate_user=True,
rate_ip=True,
prefix='create_promo_'),
l=VLink('link_id'),
title=VTitle('title'),
url=VUrl('url', allow_self=False, lookup=False),
ip=ValidIP(),
disable_comments=VBoolean("disable_comments"),
set_clicks=VBoolean("set_maximum_clicks"),
max_clicks=VInt("maximum_clicks", min=0),
set_views=VBoolean("set_maximum_views"),
max_views=VInt("maximum_views", min=0),
media_width=VInt("media-width", min=0),
media_height=VInt("media-height", min=0),
media_embed=VLength("media-embed", 1000),
media_override=VBoolean("media-override"),
domain_override=VLength("domain", 100)
)
def POST_edit_promo(self, form, jquery, ip, l, title, url,
disable_comments,
set_clicks, max_clicks,
set_views, max_views,
media_height, media_width, media_embed,
media_override, domain_override):
should_ratelimit = False
if not c.user_is_sponsor:
set_clicks = False
set_views = False
should_ratelimit = True
if not set_clicks:
max_clicks = None
if not set_views:
max_views = None
if not should_ratelimit:
c.errors.remove((errors.RATELIMIT, 'ratelimit'))
# demangle URL in canonical way
if url:
if isinstance(url, (unicode, str)):
form.set_inputs(url=url)
elif isinstance(url, tuple) or isinstance(url[0], Link):
# there's already one or more links with this URL, but
# we're allowing mutliple submissions, so we really just
# want the URL
url = url[0].url
# users can change the disable_comments on promoted links
if ((not l or not promote.is_promoted(l)) and
(form.has_errors('title', errors.NO_TEXT,
errors.TOO_LONG) or
form.has_errors('url', errors.NO_URL, errors.BAD_URL) or
jquery.has_errors('ratelimit', errors.RATELIMIT))):
return
if not l:
l = promote.new_promotion(title, url, c.user, ip)
elif promote.is_promo(l):
changed = False
# live items can only be changed by a sponsor, and also
# pay the cost of de-approving the link
trusted = c.user_is_sponsor or c.user.trusted_sponsor
if not promote.is_promoted(l) or trusted:
if title and title != l.title:
l.title = title
changed = not trusted
if url and url != l.url:
l.url = url
changed = not trusted
# only trips if the title and url are changed by a non-sponsor
if changed and not promote.is_unpaid(l):
promote.unapprove_promotion(l)
if trusted and promote.is_unapproved(l):
promote.accept_promotion(l)
if c.user_is_sponsor:
l.maximum_clicks = max_clicks
l.maximum_views = max_views
# comment disabling is free to be changed any time.
l.disable_comments = disable_comments
if c.user_is_sponsor or c.user.trusted_sponsor:
if media_embed and media_width and media_height:
l.media_object = dict(height=media_height,
width=media_width,
content=media_embed,
type='custom')
else:
l.media_object = None
l.media_override = media_override
if getattr(l, "domain_override", False) or domain_override:
l.domain_override = domain_override
l._commit()
form.redirect(promote.promo_edit_url(l))
@validate(VSponsorAdmin())
def GET_roadblock(self):
return PromotePage('content', content=Roadblocks()).render()
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
future=1,
reference_date=promote.promo_datetime_now,
business_days=False,
sponsor_override=True),
sr=VSubmitSR('sr', promotion=True))
def POST_add_roadblock(self, form, jquery, dates, sr):
if (form.has_errors('startdate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE) or
form.has_errors('enddate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE, errors.BAD_DATE_RANGE)):
return
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
return
if dates and sr:
sd, ed = dates
promote.roadblock_reddit(sr.name, sd.date(), ed.date())
jquery.refresh()
@validatedForm(VSponsorAdmin(),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
future=1,
reference_date=promote.promo_datetime_now,
business_days=False,
sponsor_override=True),
sr=VSubmitSR('sr', promotion=True))
def POST_rm_roadblock(self, form, jquery, dates, sr):
if dates and sr:
sd, ed = dates
promote.unroadblock_reddit(sr.name, sd.date(), ed.date())
jquery.refresh()
@validatedForm(VSponsor('link_id'),
VModhash(),
dates=VDateRange(['startdate', 'enddate'],
future=1,
reference_date=promote.promo_datetime_now,
business_days=False,
sponsor_override=True),
l=VLink('link_id'),
bid=VFloat('bid', min=0, max=g.max_promote_bid,
coerce=False, error=errors.BAD_BID),
sr=VSubmitSR('sr', promotion=True),
campaign_id36=nop("campaign_id36"),
targeting=VLength("targeting", 10))
def POST_edit_campaign(self, form, jquery, l, campaign_id36,
dates, bid, sr, targeting):
if not l:
return
start, end = dates or (None, None)
if (start and end and not promote.is_accepted(l) and
not c.user_is_sponsor):
# if the ad is not approved already, ensure the start date
# is at least 2 days in the future
start = start.date()
end = end.date()
now = promote.promo_datetime_now()
future = make_offset_date(now, g.min_promote_future,
business_days=True)
if start < future.date():
c.errors.add(errors.BAD_FUTURE_DATE,
msg_params=dict(day=g.min_promote_future),
field="startdate")
if (form.has_errors('startdate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE) or
form.has_errors('enddate', errors.BAD_DATE,
errors.BAD_FUTURE_DATE, errors.BAD_DATE_RANGE)):
return
# Limit the number of PromoCampaigns a Link can have
# Note that the front end should prevent the user from getting
# this far
existing_campaigns = list(PromoCampaign._by_link(l._id))
if len(existing_campaigns) > g.MAX_CAMPAIGNS_PER_LINK:
c.errors.add(errors.TOO_MANY_CAMPAIGNS,
msg_params={'count': g.MAX_CAMPAIGNS_PER_LINK},
field='title')
form.has_errors('title', errors.TOO_MANY_CAMPAIGNS)
return
duration = max((end - start).days, 1)
if form.has_errors('bid', errors.BAD_BID):
return
# minimum bid depends on user privilege and targeting, checked here
# instead of in the validator b/c current duration is needed
if c.user_is_sponsor:
min_daily_bid = 0
elif targeting == 'one':
min_daily_bid = g.min_promote_bid * 1.5
else:
min_daily_bid = g.min_promote_bid
if campaign_id36:
# you cannot edit the bid of a live ad unless it's a freebie
try:
campaign = PromoCampaign._byID36(campaign_id36)
if (bid != campaign.bid and
campaign.start_date < datetime.now(g.tz)
and not campaign.is_freebie()):
c.errors.add(errors.BID_LIVE, field='bid')
form.has_errors('bid', errors.BID_LIVE)
return
except NotFound:
pass
if bid is None or bid / duration < min_daily_bid:
c.errors.add(errors.BAD_BID, field='bid',
msg_params={'min': min_daily_bid,
'max': g.max_promote_bid})
form.has_errors('bid', errors.BAD_BID)
return
if targeting == 'one':
if form.has_errors('sr', errors.SUBREDDIT_NOEXIST,
errors.SUBREDDIT_NOTALLOWED,
errors.SUBREDDIT_REQUIRED):
# checking to get the error set in the form, but we can't
# check for rate-limiting if there's no subreddit
return
oversold = promote.is_roadblocked(sr.name, start, end)
if oversold and not c.user_is_sponsor:
msg_params = {"start": oversold[0].strftime('%m/%d/%Y'),
"end": oversold[1].strftime('%m/%d/%Y')}
c.errors.add(errors.OVERSOLD, field='sr',
msg_params=msg_params)
form.has_errors('sr', errors.OVERSOLD)
return
if targeting == 'none':
sr = None
if campaign_id36 is not None:
campaign = PromoCampaign._byID36(campaign_id36)
promote.edit_campaign(l, campaign, dates, bid, sr)
r = promote.get_renderable_campaigns(l, campaign)
jquery.update_campaign(r.campaign_id36, r.start_date, r.end_date,
r.duration, r.bid, r.sr, r.status)
else:
campaign = promote.new_campaign(l, dates, bid, sr)
r = promote.get_renderable_campaigns(l, campaign)
jquery.new_campaign(r.campaign_id36, r.start_date, r.end_date,
r.duration, r.bid, r.sr, r.status)
@validatedForm(VSponsor('link_id'),
VModhash(),
l=VLink('link_id'),
campaign=VPromoCampaign("campaign_id36"))
def POST_delete_campaign(self, form, jquery, l, campaign):
if l and campaign:
promote.delete_campaign(l, campaign)
@validatedForm(VSponsor('container'),
VModhash(),
user=VExistingUname('name'),
thing=VByName('container'))
def POST_traffic_viewer(self, form, jquery, user, thing):
"""
Adds a user to the list of users allowed to view a promoted
link's traffic page.
"""
if not form.has_errors("name",
errors.USER_DOESNT_EXIST, errors.NO_USER):
form.set_inputs(name="")
form.set_html(".status:first", _("added"))
if promote.add_traffic_viewer(thing, user):
user_row = TrafficViewerList(thing).user_row('traffic', user)
jquery("#traffic-table").show(
).find("table").insert_table_rows(user_row)
# send the user a message
msg = user_added_messages['traffic']['pm']['msg']
subj = user_added_messages['traffic']['pm']['subject']
if msg and subj:
d = dict(url=thing.make_permalink_slow(),
traffic_url=promote.promo_traffic_url(thing),
title=thing.title)
msg = msg % d
item, inbox_rel = Message._new(c.user, user,
subj, msg, request.ip)
queries.new_message(item, inbox_rel)
@validatedForm(VSponsor('container'),
VModhash(),
iuser=VByName('id'),
thing=VByName('container'))
def POST_rm_traffic_viewer(self, form, jquery, iuser, thing):
if thing and iuser:
promote.rm_traffic_viewer(thing, iuser)
@validatedForm(VSponsor('link'),
link=VByName("link"),
campaign=VPromoCampaign("campaign"),
customer_id=VInt("customer_id", min=0),
pay_id=VInt("account", min=0),
edit=VBoolean("edit"),
address=ValidAddress(
["firstName", "lastName", "company", "address",
"city", "state", "zip", "country", "phoneNumber"],
allowed_countries=g.allowed_pay_countries),
creditcard=ValidCard(["cardNumber", "expirationDate",
"cardCode"]))
def POST_update_pay(self, form, jquery, link, campaign, customer_id, pay_id,
edit, address, creditcard):
address_modified = not pay_id or edit
form_has_errors = False
if address_modified:
if (form.has_errors(["firstName", "lastName", "company", "address",
"city", "state", "zip",
"country", "phoneNumber"],
errors.BAD_ADDRESS) or
form.has_errors(["cardNumber", "expirationDate", "cardCode"],
errors.BAD_CARD)):
form_has_errors = True
elif g.authorizenetapi:
pay_id = edit_profile(c.user, address, creditcard, pay_id)
else:
pay_id = 1
# if link is in use or finished, don't make a change
if pay_id and not form_has_errors:
# valid bid and created or existing bid id.
# check if already a transaction
if g.authorizenetapi:
success, reason = promote.auth_campaign(link, campaign, c.user,
pay_id)
else:
success = True
if success:
form.redirect(promote.promo_edit_url(link))
else:
form.set_html(".status",
reason or
_("failed to authenticate card. sorry."))
@validate(VSponsor("link"),
link=VLink("link"),
campaign=VPromoCampaign("campaign"))
def GET_pay(self, link, campaign):
# no need for admins to play in the credit card area
if c.user_is_loggedin and c.user._id != link.author_id:
return self.abort404()
if not campaign.link_id == link._id:
return self.abort404()
if g.authorizenetapi:
data = get_account_info(c.user)
content = PaymentForm(link, campaign,
customer_id=data.customerProfileId,
profiles=data.paymentProfiles,
max_profiles=PROFILE_LIMIT)
else:
content = None
res = LinkInfoPage(link=link,
content=content,
show_sidebar=False)
return res.render()
def GET_link_thumb(self, *a, **kw):
"""
See GET_upload_sr_image for rationale
"""
return "nothing to see here."
@validate(VSponsor("link_id"),
link=VByName('link_id'),
file=VLength('file', 500 * 1024))
def POST_link_thumb(self, link=None, file=None):
if link and (not promote.is_promoted(link) or
c.user_is_sponsor or c.user.trusted_sponsor):
errors = dict(BAD_CSS_NAME="", IMAGE_ERROR="")
try:
# thumnails for promoted links can change and therefore expire
force_thumbnail(link, file, file_type=".jpg")
except cssfilter.BadImage:
# if the image doesn't clean up nicely, abort
errors["IMAGE_ERROR"] = _("bad image")
if any(errors.values()):
return UploadedImage("", "", "upload", errors=errors,
form_id="image-upload").render()
else:
link._commit()
return UploadedImage(_('saved'), thumbnail_url(link), "",
errors=errors,
form_id="image-upload").render()
@validate(VSponsorAdmin(),
launchdate=VDate('ondate'),
dates=VDateRange(['startdate', 'enddate']),
query_type=VOneOf('q', ('started_on', 'between'), default=None))
def GET_admin(self, launchdate=None, dates=None, query_type=None):
return PromoAdminTool(query_type=query_type,
launchdate=launchdate,
start=dates[0],
end=dates[1]).render()