Exemple #1
0
class UserAbuseSerializer(BaseAbuseSerializer):
    user = SplitField(
        serializers.PrimaryKeyRelatedField(queryset=UserProfile.objects),
        UserSerializer())

    class Meta(BaseAbuseSerializer.Meta):
        fields = BaseAbuseSerializer.Meta.fields + ('user',)
Exemple #2
0
class BaseAbuseSerializer(serializers.ModelSerializer):
    text = serializers.CharField(source='message')
    ip_address = serializers.CharField(required=False)
    reporter = SplitField(serializers.PrimaryKeyRelatedField(required=False),
                          UserSerializer())

    def save(self, force_insert=False):
        serializers.ModelSerializer.save(self)
        del self.data['ip_address']
        return self.object
Exemple #3
0
class BaseAbuseSerializer(PotatoCaptchaSerializer,
                          serializers.ModelSerializer):
    text = serializers.CharField(source='message')
    reporter = SplitField(serializers.PrimaryKeyRelatedField(required=False),
                          UserSerializer())

    class Meta:
        model = AbuseReport
        fields = ('text', 'reporter')

    def validate(self, attrs):
        request = self.context['request']
        if request.user.is_authenticated():
            attrs['reporter'] = request.user
        else:
            attrs['reporter'] = None
        attrs['ip_address'] = request.META.get('REMOTE_ADDR', '')
        return super(BaseAbuseSerializer, self).validate(attrs)
Exemple #4
0
class UserAbuseSerializer(BaseAbuseSerializer):
    user = SplitField(serializers.PrimaryKeyRelatedField(), UserSerializer())

    class Meta:
        model = AbuseReport
        fields = ('text', 'ip_address', 'reporter', 'user')
Exemple #5
0
class RatingSerializer(serializers.ModelSerializer):
    app = SplitField(
        SlugOrPrimaryKeyRelatedField(slug_field='app_slug',
                                     queryset=Webapp.objects.all(),
                                     source='addon'),
        serializers.HyperlinkedRelatedField(view_name='app-detail',
                                            read_only=True, source='addon'))
    body = serializers.CharField()
    user = UserSerializer(read_only=True)
    report_spam = serializers.SerializerMethodField('get_report_spam_link')
    resource_uri = serializers.HyperlinkedIdentityField(
        view_name='ratings-detail')
    is_author = serializers.SerializerMethodField('get_is_author')
    has_flagged = serializers.SerializerMethodField('get_has_flagged')
    version = SimpleVersionSerializer(read_only=True)
    lang = serializers.SerializerMethodField('get_lang')

    class Meta:
        model = Review
        fields = ('app', 'body', 'created', 'has_flagged', 'is_author', 'lang',
                  'modified', 'rating', 'report_spam', 'resource_uri', 'user',
                  'version')

    def __init__(self, *args, **kwargs):
        super(RatingSerializer, self).__init__(*args, **kwargs)
        if 'request' in self.context:
            self.request = self.context['request']
        else:
            self.request = None

        if 'view' in self.context and hasattr(self.context['view'], 'app'):
            self.app = self.context['view'].app

        if not self.request or not self.request.user.is_authenticated():
            self.fields.pop('is_author')
            self.fields.pop('has_flagged')

        if self.request and self.request.method in ('PUT', 'PATCH'):
            # Don't let users modify 'app' field at edit time
            self.fields['app'].read_only = True

    def to_native(self, obj):
        # When we have an `app` set on the serializer, we know it's because the
        # view was filtering on this app, so we can safely overwrite the
        # `addon` property on the instance with it, saving some costly queries.
        app = getattr(self, 'app', None)
        if app is not None:
            obj.addon = app
        return super(RatingSerializer, self).to_native(obj)

    def get_report_spam_link(self, obj):
        return reverse('ratings-flag', kwargs={'pk': obj.pk})

    def get_is_author(self, obj):
        return obj.user.pk == self.request.user.pk

    def get_has_flagged(self, obj):
        return (not self.get_is_author(obj) and
                obj.reviewflag_set.filter(user=self.request.user).exists())

    def get_lang(self, obj):
        if obj.pk is None:
            return self.request.LANG
        else:
            return obj.lang

    def validate(self, attrs):
        if not getattr(self, 'object'):
            # If we are creating a rating, then we need to do various checks on
            # the app. Because these checks need the version as well, we have
            # to do them here and not in validate_app().

            # Assign user and ip_address. It won't change once the review is
            # created.
            user = self.request.user
            attrs['user'] = user
            attrs['ip_address'] = self.request.META.get('REMOTE_ADDR', '')
            guessed_lang = guess_language(attrs['body'])
            if guessed_lang is None:
                attrs['lang'] = user.lang
            else:
                attrs['lang'] = guessed_lang

            # If the app is packaged, add in the current version.
            if attrs['addon'].is_packaged:
                attrs['version'] = attrs['addon'].current_version

            # Return 409 if the user has already reviewed this app.
            app = attrs['addon']
            qs = self.context['view'].queryset.filter(addon=app, user=user)
            if app.is_packaged:
                qs = qs.filter(version=attrs['version'])
            if qs.exists():
                raise Conflict('You have already reviewed this app.')

            # Return 403 is the app is not public.
            if not app.is_public():
                raise PermissionDenied('The app requested is not public.')

            # Return 403 if the user is attempting to review their own app.
            if app.has_author(user):
                raise PermissionDenied('You may not review your own app.')

            # Return 403 if not a free app and the user hasn't purchased it.
            if app.is_premium() and not app.is_purchased(user):
                raise PermissionDenied("You may not review paid apps you "
                                       "haven't purchased.")

            # Return 403 if the app is not available in the current region.
            current_region = get_region()
            if not app.listed_in(region=current_region):
                raise PermissionDenied('App not available in region "%s".' %
                                       current_region.slug)

        return attrs

    def validate_app(self, attrs, source):
        # Don't allow users to change the app on an existing rating.
        if getattr(self, 'object'):
            attrs[source] = self.object.addon
        return attrs

    def validate_rating(self, attrs, source):
        # Don't allow user to submit rating outside the range
        valid_ratings = [1, 2, 3, 4, 5]

        # ensure rating key is present
        if source not in attrs:
            raise serializers.ValidationError("Rating key is required")

        value = attrs[source]
        rating = int(value) if value else value

        # ensure rating is in desired range
        if rating not in valid_ratings:
            raise serializers.ValidationError("Rating must be between 1-5")

        return attrs
Exemple #6
0
class UserAbuseSerializer(BaseAbuseSerializer):
    user = SplitField(serializers.PrimaryKeyRelatedField(), UserSerializer())

    class Meta(BaseAbuseSerializer.Meta):
        fields = BaseAbuseSerializer.Meta.fields + ('user',)