def test_lookups(): a = entities.Listing(title="lista", body="ba", key_name="foo") a.put() assert helpers.lookup_listing("foo").title == "lista" a.title = "listb" a.put() assert helpers.lookup_listing("foo").title == "lista" helpers.invalidate_listing(a) assert helpers.lookup_listing("foo").title == "listb"
def claim_listing(permalink): """Allow a seller to claim a listing whose email they have lost.""" # Look up the existing listing used for this person. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # Prevent button spamming. seller = listing.seller title = listing.title if (dos.rate_limit(listing.seller, 4, 60) or dos.rate_limit(listing.key().name, 2, 60)): seller = "*****@*****.**" title = "SPAM REQUEST: " + listing.title # Send the user an email to let them edit the listing. email.send_mail( to=seller, subject="Marketplace Listing \"{}\"".format(title), html=render_template("email/welcome.html", listing=listing), text=render_template("email/welcome.txt", listing=listing) ) flash("We've emailed you a link to edit this listing.") return redirect(url_for("show_listing", permalink=listing.permalink))
def edit_listing(permalink): """Allow a seller to update or unpublish a listing.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) form = forms.EditListingForm() # Prevent non-creators from editing a listing. if session.get("email") != listing.seller or not session["email"]: abort(403) # Allow the author of a listing to unpublish it. if request.form.get("unpublish"): listing.posting_time = 0.0 listing.put() helpers.invalidate_listing(listing) return redirect("/") # Upload photos after validate_on_submit(), even if other fields in the form # are invalid. is_valid = form.validate_on_submit() if request.method == "POST": photos = [] for photo in form.photos: if not photo.data: continue image = photo.data["image"] if not image or (hasattr(image, "filename") and not image.filename): continue photos.append(image) listing.photos = photos # Allow authors to edit listings. if is_valid: listing.title = form.title.data listing.body = form.description.data listing.categories = form.categories.data listing.price = int(form.price.data * 100) listing.put() helpers.invalidate_listing(listing) return redirect(url_for("show_listing", permalink=listing.permalink)) # Display an edit form. form.title.data = listing.title form.description.data = listing.body form.categories.data = listing.categories form.price.data = listing.price / 100.0 for index, entry in enumerate(form.photos.entries): if index < len(listing.photos): entry["image"].data = listing.photos[index] else: entry["image"].data = None return render_template("listing_form.html", type="Edit", form=form)
def claim_listing(permalink): """Allow a seller to claim a listing whose email they have lost.""" # Look up the existing listing used for this person. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # Prevent button spamming. seller = listing.seller title = listing.title if dos.rate_limit(listing.seller, 4, 60) or dos.rate_limit(listing.key().name, 2, 60): seller = "*****@*****.**" title = "SPAM REQUEST: " + listing.title # Send the user an email to let them edit the listing. message = sendgrid.Mail() message.set_from("Marketplace Team <*****@*****.**>") message.add_to(seller) message.set_subject('Marketplace Listing "{}"'.format(title)) message.set_html(render_template("email/welcome.html", listing=listing)) message.set_text(render_template("email/welcome.txt", listing=listing)) config.send_grid_client.send(message) flash("We've emailed you a link to edit this listing.") return redirect(url_for("show_listing", permalink=listing.permalink))
def run_integration_test(): """Ensures that this version of Marketplace mostly works.""" def opener(url): """Stub to map network activity to a local directory.""" path = "{}/fixtures{}".format(os.path.dirname(__file__), urlparse.urlparse(url).path) return open(path) # Migrate a listing from the old site. replication.pull_from_old_marketplace("listing-a", _urlopen=opener) # Verify that the listing was created. data = helpers.lookup_listing("listing-a") if (data.key().name() != "listing-a" or data.title != "my fancy sublet" or data.body != "description here" or data.price != 123456 or len(data.photos) != 2 or data.posting_time != 1441609780.0 or data.seller != "*****@*****.**"): raise ValueError("migration failed") return "ok"
def show_listing(permalink): """View a particular listing and provide links to place an inquiry.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # If the listing isn't yet published, check the URL key and update session. if request.args.get("key") == listing.admin_key and listing.admin_key: session["email"] = listing.seller if not listing.posting_time: listing.posting_time = time.time() listing.put() helpers.invalidate_listing(listing) flash("Your listing has been published.") return redirect( url_for("show_listing", permalink=permalink, q=request.args.get("q"))) # Otherwise, hide the listing. elif not listing.posting_time: abort(404) # Display a form for buyers to place an offer. buyer_form = forms.BuyerForm() buyer = buyer_form.buyer.data message = buyer_form.message.data seller = listing.seller # Validate emails with the submission of the form. buyer_form.post_validate = ( lambda: policy.place_inquiry(listing, buyer, message)) # Handle submissions on the form. if buyer_form.validate_on_submit(): # Track what requests are sent to which people. helpers.add_inqury(listing, buyer, message) # Provide a flash message. flash("Your inquiry has been sent.") return redirect(url_for("show_listing", permalink=permalink)) # Have the form email default to the value from the session. if not buyer_form.buyer.data: buyer_form.buyer.data = session.get("email") # Display the resulting template. return render_template("listing_show.html", listing=listing, buyer_form=buyer_form)
def api_one_listing(permalink): """Display a single listing matching the given query.""" # Parse filtering options from query. listing = helpers.lookup_listing(permalink) if not listing or not listing.posting_time: abort(404) # Return JSON if requested. return jsonify(_externalize(listing))
def test_inquiries(): ent = entities.Listing(title="car", key_name="entfortest") ent.put() helpers.add_inqury(ent, "e@mail", "foobar") helpers.add_inqury(ent, "e@mail", "foobar") helpers.add_inqury(ent, "e2@mail", "foobar") ent = helpers.lookup_listing("entfortest") assert set(ent.buyers) == set(["e@mail", "e2@mail"]) assert len(ent.buyers) == 2
def show_listing(permalink): """View a particular listing and provide links to place an inquiry.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # If the listing isn't yet published, check the URL key and update session. if request.args.get("key") == listing.admin_key and listing.admin_key: session["email"] = listing.seller if not listing.posting_time: listing.posting_time = time.time() listing.put() helpers.invalidate_listing(listing) flash("Your listing has been published.") return redirect(url_for("show_listing", permalink=permalink, q=request.args.get("q"))) # Otherwise, hide the listing. elif not listing.posting_time: abort(404) # Display a form for buyers to place an offer. buyer_form = forms.BuyerForm() buyer = buyer_form.buyer.data message = buyer_form.message.data seller = listing.seller # Validate emails with the submission of the form. buyer_form.post_validate = ( lambda: policy.place_inquiry(listing, buyer, message)) # Handle submissions on the form. if buyer_form.validate_on_submit(): # Track what requests are sent to which people. helpers.add_inqury(listing, buyer, message) # Provide a flash message. flash("Your inquiry has been sent.") return redirect(url_for("show_listing", permalink=permalink)) # Have the form email default to the value from the session. if not buyer_form.buyer.data: buyer_form.buyer.data = session.get("email") # Display the resulting template. return render_template("listing_show.html", listing=listing, buyer_form=buyer_form)
def claim_listing(permalink): """Allow a seller to claim a listing whose email they have lost.""" # Look up the existing listing used for this person. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # Follow policy when sending an email to the user. try: policy.claim_listing(listing) except ValidationError, e: flash(str(e), "danger")
def show_listing(permalink): """View a particular listing and provide links to place an inquiry.""" # Retrieve the listing by key. listing = helpers.lookup_listing(permalink) if not listing: abort(404) # If the listing isn't yet published, check the URL key and update session. if request.args.get("key") == listing.admin_key and listing.admin_key: session["email"] = listing.seller if not listing.posting_time: listing.posting_time = time.time() listing.put() helpers.invalidate_listing(listing) flash("Your listing has been published.") return redirect(url_for("show_listing", permalink=permalink, q=request.args.get("q"))) # Otherwise, hide the listing. elif not listing.posting_time: abort(404) # Display a form for buyers to place an offer. buyer_form = forms.BuyerForm() # Handle submissions on the form. if buyer_form.validate_on_submit(): buyer = buyer_form.buyer.data message = buyer_form.message.data seller = listing.seller # Track what requests are sent to which people. helpers.add_inqury(listing, buyer, message) # Block spam inquiries. if (buyer.strip() == "*****@*****.**" or buyer.strip() == "*****@*****.**" or dos.rate_limit(buyer.strip(), 4, 60) or dos.rate_limit(request.remote_addr, 4, 60) or dos.rate_limit(listing.seller, 20, 3600 * 24)): message = "MESSAGE BLOCKED!\n\n" + str(message) seller = "*****@*****.**" # Send a listing to the person. email.send_mail( to=seller, reply_to=buyer, subject="Re: Marketplace Listing \"{}\"".format(listing.title), html=render_template("email/inquiry.html", **locals()), text=render_template("email/inquiry.txt", **locals()), ) return redirect(url_for("show_listing", permalink=permalink)) # Have the form email default to the value from the session. if not buyer_form.buyer.data: buyer_form.buyer.data = session.get("email") # Display the resulting template. return render_template("listing_show.html", listing=listing, buyer_form=buyer_form)