def _is_ratelimited(request):
"""Ratelimiting helper for kbforum threads and replies.
They are ratelimited together with the same key.
"""
return (
is_ratelimited(request, increment=True, rate='4/m', ip=False,
keys=user_or_ip('kbforum-post-min')) or
is_ratelimited(request, increment=True, rate='50/d', ip=False,
keys=user_or_ip('kbforum-post-day')))
def new_message(request, template):
"""Send a new private message."""
to = request.GET.get('to')
if to:
try:
User.objects.get(username=to)
except User.DoesNotExist:
contrib_messages.add_message(
request, contrib_messages.ERROR,
_('Invalid username provided. Enter a new username below.'))
return HttpResponseRedirect(reverse('messages.new'))
form = MessageForm(request.POST or None, initial={'to': to})
if (request.method == 'POST' and form.is_valid() and
not is_ratelimited(request, increment=True, rate='50/d', ip=False,
keys=user_or_ip('private-message-day'))):
send_message(form.cleaned_data['to'], form.cleaned_data['message'],
request.user)
if form.cleaned_data['in_reply_to']:
irt = form.cleaned_data['in_reply_to']
try:
m = InboxMessage.objects.get(pk=irt, to=request.user)
m.update(replied=True)
except InboxMessage.DoesNotExist:
pass
contrib_messages.add_message(request, contrib_messages.SUCCESS,
_('Your message was sent!'))
return HttpResponseRedirect(reverse('messages.inbox'))
return render(request, template, {'form': form})
def new_message(request, template):
"""Send a new private message."""
to = request.GET.get("to")
if to:
try:
User.objects.get(username=to)
except User.DoesNotExist:
contrib_messages.add_message(
request, contrib_messages.ERROR, _("Invalid username provided. Enter a new username below.")
)
return HttpResponseRedirect(reverse("messages.new"))
form = MessageForm(request.POST or None, initial={"to": to})
if (
request.method == "POST"
and form.is_valid()
and not is_ratelimited(request, increment=True, rate="50/d", ip=False, keys=user_or_ip("private-message-day"))
):
send_message(form.cleaned_data["to"], form.cleaned_data["message"], request.user)
if form.cleaned_data["in_reply_to"]:
irt = form.cleaned_data["in_reply_to"]
try:
m = InboxMessage.objects.get(pk=irt, to=request.user)
m.update(replied=True)
except InboxMessage.DoesNotExist:
pass
contrib_messages.add_message(request, contrib_messages.SUCCESS, _("Your message was sent!"))
return HttpResponseRedirect(reverse("messages.inbox"))
return render(request, template, {"form": form})
def new_message(request, template):
"""Send a new private message."""
to = request.GET.get('to')
if to:
try:
User.objects.get(username=to)
except User.DoesNotExist:
contrib_messages.add_message(
request, contrib_messages.ERROR,
_('Invalid username provided. Enter a new username below.'))
return HttpResponseRedirect(reverse('messages.new'))
form = MessageForm(request.POST or None, initial={'to': to})
if (request.method == 'POST' and form.is_valid()
and not is_ratelimited(request,
increment=True,
rate='50/d',
ip=False,
keys=user_or_ip('private-message-day'))):
send_message(form.cleaned_data['to'], form.cleaned_data['message'],
request.user)
if form.cleaned_data['in_reply_to']:
irt = form.cleaned_data['in_reply_to']
try:
m = InboxMessage.objects.get(pk=irt, to=request.user)
m.update(replied=True)
except InboxMessage.DoesNotExist:
pass
contrib_messages.add_message(request, contrib_messages.SUCCESS,
_('Your message was sent!'))
return HttpResponseRedirect(reverse('messages.inbox'))
return render(request, template, {'form': form})
def new_thread(request, forum_slug):
"""Start a new thread."""
forum = get_object_or_404(Forum, slug=forum_slug)
user = request.user
if not forum.allows_posting_by(user):
if forum.allows_viewing_by(user):
raise PermissionDenied
else:
raise Http404
if request.method == 'GET':
form = NewThreadForm()
return render(request, 'forums/new_thread.html', {
'form': form,
'forum': forum
})
form = NewThreadForm(request.POST)
post_preview = None
if form.is_valid():
if 'preview' in request.POST:
thread = Thread(creator=request.user,
title=form.cleaned_data['title'])
post_preview = Post(thread=thread,
author=request.user,
content=form.cleaned_data['content'])
post_preview.author_post_count = \
post_preview.author.post_set.count()
elif (_skip_post_ratelimit(request)
or not is_ratelimited(request,
increment=True,
rate='5/d',
ip=False,
keys=user_or_ip('forum-post'))):
thread = forum.thread_set.create(creator=request.user,
title=form.cleaned_data['title'])
thread.save()
statsd.incr('forums.thread')
post = thread.new_post(author=request.user,
content=form.cleaned_data['content'])
post.save()
NewThreadEvent(post).fire(exclude=post.author)
# Add notification automatically if needed.
if Setting.get_for_user(request.user, 'forums_watch_new_thread'):
NewPostEvent.notify(request.user, thread)
url = reverse('forums.posts', args=[forum_slug, thread.id])
return HttpResponseRedirect(urlparams(url, last=post.id))
return render(request, 'forums/new_thread.html', {
'form': form,
'forum': forum,
'post_preview': post_preview
})
def new_thread(request, forum_slug):
"""Start a new thread."""
forum = get_object_or_404(Forum, slug=forum_slug)
user = request.user
if not forum.allows_posting_by(user):
if forum.allows_viewing_by(user):
raise PermissionDenied
else:
raise Http404
if request.method == 'GET':
form = NewThreadForm()
return render(request, 'forums/new_thread.html', {
'form': form, 'forum': forum})
form = NewThreadForm(request.POST)
post_preview = None
if form.is_valid():
if 'preview' in request.POST:
thread = Thread(creator=request.user,
title=form.cleaned_data['title'])
post_preview = Post(thread=thread, author=request.user,
content=form.cleaned_data['content'])
post_preview.author_post_count = \
post_preview.author.post_set.count()
elif (_skip_post_ratelimit(request) or
not is_ratelimited(request, increment=True, rate='5/d', ip=False,
keys=user_or_ip('forum-post'))):
thread = forum.thread_set.create(creator=request.user,
title=form.cleaned_data['title'])
thread.save()
statsd.incr('forums.thread')
post = thread.new_post(author=request.user,
content=form.cleaned_data['content'])
post.save()
NewThreadEvent(post).fire(exclude=post.author)
# Add notification automatically if needed.
if Setting.get_for_user(request.user, 'forums_watch_new_thread'):
NewPostEvent.notify(request.user, thread)
url = reverse('forums.posts', args=[forum_slug, thread.id])
return HttpResponseRedirect(urlparams(url, last=post.id))
return render(request, 'forums/new_thread.html', {
'form': form, 'forum': forum,
'post_preview': post_preview})
def reply(request, forum_slug, thread_id):
"""Reply to a thread."""
forum = get_object_or_404(Forum, slug=forum_slug)
user = request.user
if not forum.allows_posting_by(user):
if forum.allows_viewing_by(user):
raise PermissionDenied
else:
raise Http404
form = ReplyForm(request.POST)
post_preview = None
if form.is_valid():
thread = get_object_or_404(Thread, pk=thread_id, forum=forum)
if not thread.is_locked:
reply_ = form.save(commit=False)
reply_.thread = thread
reply_.author = request.user
if 'preview' in request.POST:
post_preview = reply_
post_preview.author_post_count = \
reply_.author.post_set.count()
elif (_skip_post_ratelimit(request)
or not is_ratelimited(request,
increment=True,
rate='15/d',
ip=False,
keys=user_or_ip('forum-post'))):
reply_.save()
statsd.incr('forums.reply')
# Subscribe the user to the thread.
if Setting.get_for_user(request.user,
'forums_watch_after_reply'):
NewPostEvent.notify(request.user, thread)
# Send notifications to thread/forum watchers.
NewPostEvent(reply_).fire(exclude=reply_.author)
return HttpResponseRedirect(thread.get_last_post_url())
return posts(request,
forum_slug,
thread_id,
form,
post_preview,
is_reply=True)
def reply(request, forum_slug, thread_id):
"""Reply to a thread."""
forum = get_object_or_404(Forum, slug=forum_slug)
user = request.user
if not forum.allows_posting_by(user):
if forum.allows_viewing_by(user):
raise PermissionDenied
else:
raise Http404
form = ReplyForm(request.POST)
post_preview = None
if form.is_valid():
thread = get_object_or_404(Thread, pk=thread_id, forum=forum)
if not thread.is_locked:
reply_ = form.save(commit=False)
reply_.thread = thread
reply_.author = request.user
if 'preview' in request.POST:
post_preview = reply_
post_preview.author_post_count = \
reply_.author.post_set.count()
elif (_skip_post_ratelimit(request) or
not is_ratelimited(request, increment=True, rate='5/d',
ip=False,
keys=user_or_ip('forum-post'))):
reply_.save()
statsd.incr('forums.reply')
# Subscribe the user to the thread.
if Setting.get_for_user(request.user,
'forums_watch_after_reply'):
NewPostEvent.notify(request.user, thread)
# Send notifications to thread/forum watchers.
NewPostEvent(reply_).fire(exclude=reply_.author)
return HttpResponseRedirect(thread.get_last_post_url())
return posts(request, forum_slug, thread_id, form, post_preview,
is_reply=True)
document = get_object_or_404(Document, **kwargs)
data = json.dumps({
'id': document.id,
'locale': document.locale,
'slug': document.slug,
'title': document.title,
'summary': document.current_revision.summary,
'url': document.get_absolute_url(),
})
return HttpResponse(data, mimetype='application/json')
@require_POST
@csrf_exempt
@ratelimit(keys=user_or_ip('document-vote'), ip=False, rate='10/d')
def helpful_vote(request, document_slug):
"""Vote for Helpful/Not Helpful document"""
if 'revision_id' not in request.POST:
return HttpResponseBadRequest()
revision = get_object_or_404(
Revision, id=smart_int(request.POST['revision_id']))
survey = None
if revision.document.category == TEMPLATES_CATEGORY:
return HttpResponseBadRequest()
if not revision.has_voted(request):
ua = request.META.get('HTTP_USER_AGENT', '')[:1000] # 1000 max_length
vote = HelpfulVote(revision=revision, user_agent=ua)
document = get_object_or_404(Document, **kwargs)
data = json.dumps({
'id': document.id,
'locale': document.locale,
'slug': document.slug,
'title': document.title,
'summary': document.current_revision.summary,
'url': document.get_absolute_url(),
})
return HttpResponse(data, mimetype='application/json')
@require_POST
@csrf_exempt
@ratelimit(keys=user_or_ip('document-vote'), ip=False, rate='10/d')
def helpful_vote(request, document_slug):
"""Vote for Helpful/Not Helpful document"""
if 'revision_id' not in request.POST:
return HttpResponseBadRequest()
revision = get_object_or_404(Revision,
id=smart_int(request.POST['revision_id']))
survey = None
if revision.document.category == TEMPLATES_CATEGORY:
return HttpResponseBadRequest()
if not revision.has_voted(request):
ua = request.META.get('HTTP_USER_AGENT', '')[:1000] # 1000 max_length
vote = HelpfulVote(revision=revision, user_agent=ua)
