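def claim_listing(permalink):
    """Re-send the edit email for an existing listing to its seller.

    Looks the listing up by ``permalink`` (404 when ``helpers.lookup_listing``
    returns nothing), sends the welcome email, flashes a confirmation and
    redirects to the listing page. The recipient is always chosen server-side
    (the stored seller address or a fixed fallback), never taken from the
    request.
    """
    # Look up the existing listing; an unknown permalink is a plain 404.
    listing = helpers.lookup_listing(permalink)
    if not listing:
        abort(404)

    # Prevent button spamming, which would otherwise flood the seller's inbox.
    # dos.rate_limit is defined elsewhere; presumably it returns a truthy
    # value once the key has been seen more than `count` times in `seconds`
    # -- TODO confirm. When a limit trips, the mail is diverted to a fixed
    # hard-coded address and the subject is tagged instead of reaching the
    # seller.
    #
    # The second limiter key is the listing's datastore key name. name() has
    # to be called: the bare attribute is a bound method, not the per-listing
    # string the limiter is meant to be keyed on.
    # `or` short-circuits, so the per-listing check is skipped whenever the
    # per-seller check has already tripped.
    recipient = listing.seller
    subject_title = listing.title
    throttled = (dos.rate_limit(listing.seller, 4, 60) or
                 dos.rate_limit(listing.key().name(), 2, 60))
    if throttled:
        recipient = "*****@*****.**"
        subject_title = "SPAM REQUEST: " + listing.title

    # Send the email that lets the seller edit the listing.
    email.send_mail(
        to=recipient,
        subject="Marketplace Listing \"{}\"".format(subject_title),
        html=render_template("email/welcome.html", listing=listing),
        text=render_template("email/welcome.txt", listing=listing)
    )

    # The same message is shown whether or not the request was throttled, so
    # the response does not reveal that a limit was hit.
    flash("We've emailed you a link to edit this listing.")
    return redirect(url_for("show_listing", permalink=listing.permalink))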
def place_inquiry(listing, buyer, message):
    """Screen a buyer's inquiry, then relay it to the seller and to Slack.

    Three block(...) checks run before anything is sent: Tor origin, banned
    buyer, and submission frequency. block() is defined elsewhere; presumably
    it rejects the request when its argument is truthy -- TODO confirm.
    """
    # Every local in scope (listing, buyer, message, principal, is_signed_in)
    # reaches the email templates through **locals(). Keep these names stable
    # and do not introduce new locals above the render_template calls.

    # Block addresses commonly used for posting spam.
    block(is_from_tor())

    # Block users that are banned from Marketplace.
    block(is_banned(buyer))

    # Limit how often the same buyer / listing / client address may submit.
    # The pairs look like (count, seconds), i.e. 4 per minute and 100 per day
    # -- TODO confirm against is_too_frequent, including how it combines the
    # entries of `principal`.
    principal = [buyer, listing.permalink, request.remote_addr]
    block(is_too_frequent(principal, [(4, 60), (100, 24 * 3600)]))

    # Relay the inquiry to the seller; Reply-To is the buyer's address.
    is_signed_in = signed_in(listing)
    email.send_mail(
        to=listing.seller,
        reply_to=buyer,
        subject=u"Re: Marketplace Listing \"{}\"".format(listing.title),
        html=render_template("email/inquiry.html", **locals()),
        text=render_template("email/inquiry.txt", **locals()),
    )

    # Post to Slack about this inquiry.
    # NOTE(review): buyer is request-supplied text and is interpolated into
    # the Slack message as-is; confirm slack.send_chat escapes &, < and >.
    chat_text = "Inquiry by {}".format(buyer)
    thumbnail = None
    if listing.photos:
        thumbnail = photos.public_url(listing.photos[0], "small")
    slack.send_chat(text=chat_text, username=listing.title,
                    icon_url=thumbnail)
def place_inquiry(listing, buyer, message):
    """Screen a buyer's inquiry, then relay it to the seller and to Slack.

    Three block(...) checks run before anything is sent: Tor origin, banned
    buyer, and submission frequency. block() is defined elsewhere; presumably
    it rejects the request when its argument is truthy -- TODO confirm.
    """
    # Every local in scope (listing, buyer, message, principal, is_signed_in)
    # reaches the email templates through **locals(). Keep these names stable
    # and do not introduce new locals above the render_template calls.

    # Block addresses commonly used for posting spam.
    block(is_from_tor())

    # Block users that are banned from Marketplace.
    block(is_banned(buyer))

    # Limit how often the same buyer / listing / client address may submit.
    # The pairs look like (count, seconds), i.e. 4 per minute and 100 per day
    # -- TODO confirm against is_too_frequent, including how it combines the
    # entries of `principal`.
    principal = [buyer, listing.permalink, request.remote_addr]
    block(is_too_frequent(principal, [(4, 60), (100, 24 * 3600)]))

    # Relay the inquiry to the seller; Reply-To is the buyer's address.
    is_signed_in = signed_in(listing)
    email.send_mail(
        to=listing.seller,
        reply_to=buyer,
        subject=u"Re: Marketplace Listing \"{}\"".format(listing.title),
        html=render_template("email/inquiry.html", **locals()),
        text=render_template("email/inquiry.txt", **locals()),
    )

    # Post to Slack about this inquiry.
    # NOTE(review): buyer is request-supplied text and is interpolated into
    # the Slack message as-is; confirm slack.send_chat escapes &, < and >.
    chat_text = "Inquiry by {}".format(buyer)
    if listing.photos:
        thumbnail = photos.public_url(listing.photos[0], "small")
    else:
        thumbnail = None
    slack.send_chat(text=chat_text, username=listing.title,
                    icon_url=thumbnail)
def claim_listing(listing):
    """Screen a new listing, email its seller and notify the moderators.

    The block(...) checks run first: seller address must pass
    is_campus_address, the request must not come from Tor, and two frequency
    limits apply (per listing permalink and per client address). block() is
    defined elsewhere; presumably it rejects the request when its first
    argument is truthy -- TODO confirm.
    """
    # Every local in scope reaches the email templates through **locals() and
    # the Slack text through .format(**locals()). Keep `listing`,
    # `is_signed_in` and `link` named as they are.

    # Block listings whose seller is not a UChicago email address.
    block(not is_campus_address(listing.seller),
          error="Please only post listings with a UChicago email address.")

    # Block addresses commonly used for posting spam.
    block(is_from_tor())

    # Frequency limits. The pairs look like (count, seconds): once per day
    # per permalink, four per minute per client address -- TODO confirm
    # against is_too_frequent.
    block(is_too_frequent([listing.permalink], [(1, 24 * 3600)]))
    block(is_too_frequent([request.remote_addr], [(4, 60)]))

    # Send the seller the welcome email for this listing.
    is_signed_in = signed_in(listing)
    email.send_mail(
        to=listing.seller,
        subject=u"Marketplace Listing \"{}\"".format(listing.title),
        html=render_template("email/welcome.html", **locals()),
        text=render_template("email/welcome.txt", **locals()),
    )

    # Inform the moderators about the new listing.
    # NOTE(review): the "approve" link embeds listing.admin_key, so everyone
    # who can read the Slack channel receives that key; confirm what the key
    # authorises and that channel membership is limited to moderators.
    link = url_for("show_listing", permalink=listing.permalink,
                   key=listing.admin_key, _external=True)
    chat_text = "Posted by {listing.seller} (<{link}|approve>)".format(
        **locals())
    thumbnail = None
    if listing.photos:
        thumbnail = photos.public_url(listing.photos[0], "small")
    slack.send_chat(text=chat_text, username=listing.title,
                    icon_url=thumbnail)
def claim_listing(listing):
    """Screen a new listing, email its seller and notify the moderators.

    The block(...) checks run first: seller address must pass
    is_campus_address, the request must not come from Tor, and two frequency
    limits apply (per listing permalink and per client address). block() is
    defined elsewhere; presumably it rejects the request when its first
    argument is truthy -- TODO confirm.
    """
    # Every local in scope reaches the email templates through **locals() and
    # the Slack text through .format(**locals()). Keep `listing`,
    # `is_signed_in` and `link` named as they are.

    # Block listings whose seller is not a UChicago email address.
    block(not is_campus_address(listing.seller),
          error="Please only post listings with a UChicago email address.")

    # Block addresses commonly used for posting spam.
    block(is_from_tor())

    # Frequency limits. The pairs look like (count, seconds): once per day
    # per permalink, four per minute per client address -- TODO confirm
    # against is_too_frequent.
    block(is_too_frequent([listing.permalink], [(1, 24 * 3600)]))
    block(is_too_frequent([request.remote_addr], [(4, 60)]))

    # Send the seller the welcome email for this listing.
    is_signed_in = signed_in(listing)
    email.send_mail(
        to=listing.seller,
        subject=u"Marketplace Listing \"{}\"".format(listing.title),
        html=render_template("email/welcome.html", **locals()),
        text=render_template("email/welcome.txt", **locals()),
    )

    # Inform the moderators about the new listing.
    # NOTE(review): the "approve" link embeds listing.admin_key, so everyone
    # who can read the Slack channel receives that key; confirm what the key
    # authorises and that channel membership is limited to moderators.
    link = url_for("show_listing", permalink=listing.permalink,
                   key=listing.admin_key, _external=True)
    chat_text = "Posted by {listing.seller} (<{link}|approve>)".format(
        **locals())
    if listing.photos:
        thumbnail = photos.public_url(listing.photos[0], "small")
    else:
        thumbnail = None
    slack.send_chat(text=chat_text, username=listing.title,
                    icon_url=thumbnail)
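def show_listing(permalink):
    """View a particular listing and handle buyer inquiries about it.

    Behaviour, in order:
      * 404 when ``helpers.lookup_listing`` finds nothing.
      * A ``key`` query parameter equal to the listing's non-empty admin key
        signs the visitor in as the seller (``session["email"]``), publishes
        the listing on first use, and redirects to the key-less URL.
      * An unpublished listing (falsy ``posting_time``) is otherwise a 404.
      * A valid BuyerForm submission is recorded, spam-filtered and emailed,
        followed by a redirect back to the listing.
      * Anything else renders ``listing_show.html``.
    """
    # Retrieve the listing by key.
    listing = helpers.lookup_listing(permalink)
    if not listing:
        abort(404)

    # The admin key acts as a bearer credential for the seller.
    # NOTE(review): it is compared with ==, which is not constant-time;
    # hmac.compare_digest is the usual choice for comparing secrets. The key
    # arrives in the query string, so it can also end up in request logs.
    # NOTE(review): indentation was lost in this copy of the source; the
    # redirect is placed at the key-match level so that the key is always
    # dropped from the URL after use -- confirm against the original.
    if request.args.get("key") == listing.admin_key and listing.admin_key:
        session["email"] = listing.seller
        if not listing.posting_time:
            listing.posting_time = time.time()
            listing.put()
            helpers.invalidate_listing(listing)
            flash("Your listing has been published.")
        return redirect(url_for("show_listing", permalink=permalink,
                                q=request.args.get("q")))

    # Otherwise, hide the listing.
    elif not listing.posting_time:
        abort(404)

    # Display a form for buyers to place an offer.
    buyer_form = forms.BuyerForm()

    # Handle submissions on the form.
    # The locals below (buyer, message, seller, listing, buyer_form,
    # permalink) are handed to the email templates via **locals(); keep the
    # names stable and avoid adding new locals before the render calls.
    if buyer_form.validate_on_submit():
        buyer = buyer_form.buyer.data
        message = buyer_form.message.data
        seller = listing.seller

        # Track what requests are sent to which people. This runs before the
        # spam filter below, so blocked submissions are recorded as well.
        helpers.add_inqury(listing, buyer, message)

        # Block spam inquiries: two fixed sender addresses plus limits per
        # buyer address, per client address and per seller. Blocked mail is
        # diverted to a fixed address instead of the seller.
        if (buyer.strip() == "*****@*****.**" or
                buyer.strip() == "*****@*****.**" or
                dos.rate_limit(buyer.strip(), 4, 60) or
                dos.rate_limit(request.remote_addr, 4, 60) or
                dos.rate_limit(listing.seller, 20, 3600 * 24)):
            # %-formatting instead of str(message): on Python 2, str() on a
            # unicode message containing non-ASCII text raises
            # UnicodeEncodeError, which turned a blocked submission into a
            # server error and dropped the diverted copy.
            message = "MESSAGE BLOCKED!\n\n%s" % (message,)
            seller = "*****@*****.**"

        # Send the inquiry on (to the seller, or to the diverted address).
        email.send_mail(
            to=seller,
            reply_to=buyer,
            subject="Re: Marketplace Listing \"{}\"".format(listing.title),
            html=render_template("email/inquiry.html", **locals()),
            text=render_template("email/inquiry.txt", **locals()),
        )

        return redirect(url_for("show_listing", permalink=permalink))

    # Have the form email default to the value from the session.
    if not buyer_form.buyer.data:
        buyer_form.buyer.data = session.get("email")

    # Display the resulting template.
    return render_template("listing_show.html", listing=listing,
                           buyer_form=buyer_form)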
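def new_listing():
    """Show the new-listing form and create the listing on a valid POST.

    On a valid submission the listing is stored, the welcome email is sent to
    the seller address, and the user is redirected. The listing is published
    immediately only when the session email is the seller address entered in
    the form; otherwise it is stored unpublished (``posting_time`` 0.0).
    On GET or an invalid POST the form is re-rendered.
    """
    # Populate a form to create a listing.
    form = forms.NewListingForm()

    # Publish straight away only for a seller address that matches the
    # signed-in session email. Previously any session email was enough, so a
    # signed-in user could publish a listing under a different seller address
    # without that address ever confirming it, while the page still told them
    # to "click the link in your email to publish it".
    session_email = session.get("email")
    seller_is_verified = (bool(session_email) and
                          session_email == form.seller.data)

    # Create a temporary listing so that photos can be uploaded.
    listing = entities.Listing(
        key_name=str(uuid.uuid4()),  # FIXME: add proper permalink generator.
        title=form.title.data,
        price=int(form.price.data * 100) if form.price.data else 0,
        body=form.description.data,
        categories=form.categories.data or [],
        seller=form.seller.data,
        posting_time=(time.time() if seller_is_verified else 0.0),
        admin_key=str(uuid.uuid4())
    )

    # Collect uploaded photos on any POST, valid or not, so they can be shown
    # again when the form is re-rendered.
    is_valid = form.validate_on_submit()
    if request.method == "POST":
        uploads = []
        for photo in form.photos:
            if not photo.data:
                continue
            image = photo.data["image"]
            # Skip empty slots: no value, or a file object with no filename.
            if not image or (hasattr(image, "filename")
                             and not image.filename):
                continue
            uploads.append(image)
        listing.photos = uploads

    # Allow anyone to create listings.
    if is_valid:
        listing.title = form.title.data
        listing.body = form.description.data
        listing.categories = form.categories.data
        listing.price = int(form.price.data * 100)
        listing.put()
        helpers.invalidate_listing(listing)

        # Send the user an email to let them edit the listing.
        email.send_mail(
            to=listing.seller,
            subject="Marketplace Listing \"{}\"".format(listing.title),
            html=render_template("email/welcome.html", listing=listing),
            text=render_template("email/welcome.txt", listing=listing)
        )

        # Print a link to this listing (intended for local runs).
        # NOTE(review): nothing here checks that the app is running locally,
        # so the URL, which carries listing.admin_key, is written to stdout
        # in every environment; gate this on a development-only condition or
        # remove it so the key does not land in production logs.
        print(url_for("show_listing", permalink=listing.key().name(),
                      key=listing.admin_key, _external=True))

        # Tell the user what actually happened to the listing.
        if seller_is_verified:
            flash("Your listing has been published.")
            return redirect(url_for("show_listing",
                                    permalink=listing.permalink))
        else:
            flash("Your listing has been created. "
                  "Click the link in your email to publish it.")
            return redirect(url_for("search_listings"))

    # Have the form email default to the value from the session.
    if not form.seller.data:
        form.seller.data = session.get("email")

    # Display the photo URL of any uploaded photos.
    for index, entry in enumerate(form.photos.entries):
        if index < len(listing.photos):
            entry["image"].data = listing.photos[index]
        else:
            entry["image"].data = None

    return render_template("listing_form.html", type="New", form=form)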