def show_listing(permalink): """View a particular listing and provide links to place an inquiry.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # If the listing isn't yet published, check the URL key and update session. if request.args.get("key") == listing.admin_key and listing.admin_key: session["email"] = listing.seller if not listing.posting_time: listing.posting_time = time.time() listing.put() helpers.invalidate_listing(listing) flash("Your listing has been published.") return redirect( url_for("show_listing", permalink=permalink, q=request.args.get("q"))) # Otherwise, hide the listing. elif not listing.posting_time: abort(404) # Display a form for buyers to place an offer. buyer_form = forms.BuyerForm() buyer = buyer_form.buyer.data message = buyer_form.message.data seller = listing.seller # Validate emails with the submission of the form. buyer_form.post_validate = ( lambda: policy.place_inquiry(listing, buyer, message)) # Handle submissions on the form. if buyer_form.validate_on_submit(): # Track what requests are sent to which people. helpers.add_inqury(listing, buyer, message) # Provide a flash message. flash("Your inquiry has been sent.") return redirect(url_for("show_listing", permalink=permalink)) # Have the form email default to the value from the session. if not buyer_form.buyer.data: buyer_form.buyer.data = session.get("email") # Display the resulting template. return render_template("listing_show.html", listing=listing, buyer_form=buyer_form)
def show_listing(permalink): """View a particular listing and provide links to place an inquiry.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # If the listing isn't yet published, check the URL key and update session. if request.args.get("key") == listing.admin_key and listing.admin_key: session["email"] = listing.seller if not listing.posting_time: listing.posting_time = time.time() listing.put() helpers.invalidate_listing(listing) flash("Your listing has been published.") return redirect(url_for("show_listing", permalink=permalink, q=request.args.get("q"))) # Otherwise, hide the listing. elif not listing.posting_time: abort(404) # Display a form for buyers to place an offer. buyer_form = forms.BuyerForm() buyer = buyer_form.buyer.data message = buyer_form.message.data seller = listing.seller # Validate emails with the submission of the form. buyer_form.post_validate = ( lambda: policy.place_inquiry(listing, buyer, message)) # Handle submissions on the form. if buyer_form.validate_on_submit(): # Track what requests are sent to which people. helpers.add_inqury(listing, buyer, message) # Provide a flash message. flash("Your inquiry has been sent.") return redirect(url_for("show_listing", permalink=permalink)) # Have the form email default to the value from the session. if not buyer_form.buyer.data: buyer_form.buyer.data = session.get("email") # Display the resulting template. return render_template("listing_show.html", listing=listing, buyer_form=buyer_form)
def test_inquiries(): ent = entities.Listing(title="car", key_name="entfortest") ent.put() helpers.add_inqury(ent, "e@mail", "foobar") helpers.add_inqury(ent, "e@mail", "foobar") helpers.add_inqury(ent, "e2@mail", "foobar") ent = helpers.lookup_listing("entfortest") assert set(ent.buyers) == set(["e@mail", "e2@mail"]) assert len(ent.buyers) == 2
def show_listing(permalink): """View a particular listing and provide links to place an inquiry.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # If the listing isn't yet published, check the URL key and update session. if request.args.get("key") == listing.admin_key and listing.admin_key: session["email"] = listing.seller if not listing.posting_time: listing.posting_time = time.time() listing.put() helpers.invalidate_listing(listing) flash("Your listing has been published.") return redirect(url_for("show_listing", permalink=permalink, q=request.args.get("q"))) # Otherwise, hide the listing. elif not listing.posting_time: abort(404) # Display a form for buyers to place an offer. buyer_form = forms.BuyerForm() # Handle submissions on the form. if buyer_form.validate_on_submit(): buyer = buyer_form.buyer.data message = buyer_form.message.data seller = listing.seller # Track what requests are sent to which people. helpers.add_inqury(listing, buyer, message) # Block spam inquiries. if (buyer.strip() == "*****@*****.**" or buyer.strip() == "*****@*****.**" or dos.rate_limit(buyer.strip(), 4, 60) or dos.rate_limit(request.remote_addr, 4, 60) or dos.rate_limit(listing.seller, 20, 3600 * 24)): message = "MESSAGE BLOCKED!\n\n" + str(message) seller = "*****@*****.**" # Send a listing to the person. email.send_mail( to=seller, reply_to=buyer, subject="Re: Marketplace Listing \"{}\"".format(listing.title), html=render_template("email/inquiry.html", **locals()), text=render_template("email/inquiry.txt", **locals()), ) return redirect(url_for("show_listing", permalink=permalink)) # Have the form email default to the value from the session. if not buyer_form.buyer.data: buyer_form.buyer.data = session.get("email") # Display the resulting template. return render_template("listing_show.html", listing=listing, buyer_form=buyer_form)