def add_comment(cls,
pid: int,
user_id: int,
message: str,
cid: int = None,
message_id: int = None,
automated=False):
from flask.ext.login import current_user
from funding.factory import db_session
if not message:
raise Exception("empty message")
if current_user.id != user_id and not current_user.admin:
raise Exception("no rights to add or modify this comment")
if not message_id:
proposal = Proposal.find_by_id(pid=pid)
if not proposal:
raise Exception("no proposal by that id")
comment = Comment(user_id=user_id,
proposal_id=proposal.id,
automated=automated)
if cid:
parent = Comment.find_by_id(cid=cid)
if not parent:
raise Exception("cannot reply to a non-existent comment")
comment.replied_to = parent.id
else:
try:
user = db_session.query(User).filter(
User.id == user_id).first()
if not user:
raise Exception("no user by that id")
comment = next(c for c in user.comments if c.id == message_id)
if comment.locked and not current_user.admin:
raise Exception("your comment has been locked/removed")
except StopIteration:
raise Exception("no message by that id")
except:
raise Exception("unknown error")
try:
comment.message = message
db_session.add(comment)
db_session.commit()
db_session.flush()
except Exception as ex:
db_session.rollback()
raise Exception(str(ex))
return comment
def add(cls, proposal_id, amount, to_address):
# @TODO: validate that we can make this payout; check previous payouts
from flask.ext.login import current_user
if not current_user.admin:
raise Exception("user must be admin to add a payout")
from funding.factory import db_session
try:
payout = Payout(propsal_id=proposal_id, amount=amount, to_address=to_address)
db_session.add(payout)
db_session.commit()
db_session.flush()
return payout
except Exception as ex:
db_session.rollback()
raise
def add(cls, username, password, email):
from funding.factory import db_session
from funding.validation import val_username, val_email
try:
# validate incoming username/email
val_username(username)
val_email(email)
user = User(username, password, email)
db_session.add(user)
db_session.commit()
db_session.flush()
return user
except Exception as ex:
db_session.rollback()
raise
def proposal_api_add(title, content, pid, funds_target, addr_receiving, category, status):
import markdown2
if current_user.is_anonymous:
return make_response(jsonify('err'), 500)
if len(title) <= 8:
return make_response(jsonify('title too short'), 500)
if len(content) <= 20:
return make_response(jsonify('content too short'), 500)
if category and category not in settings.FUNDING_CATEGORIES:
return make_response(jsonify('unknown category'), 500)
if status not in settings.FUNDING_STATUSES.keys():
make_response(jsonify('unknown status'), 500)
if status != 1 and not current_user.admin:
return make_response(jsonify('no rights to change status'), 500)
try:
from funding.bin.anti_xss import such_xss
content_escaped = such_xss(content)
html = markdown2.markdown(content_escaped, safe_mode=True)
except Exception as ex:
return make_response(jsonify('markdown error'), 500)
if pid:
p = Proposal.find_by_id(pid=pid)
if not p:
return make_response(jsonify('proposal not found'), 500)
if p.user.id != current_user.id and not current_user.admin:
return make_response(jsonify('no rights to edit this proposal'), 500)
p.headline = title
p.content = content
p.html = html
if addr_receiving:
p.addr_receiving = addr_receiving
if category:
p.category = category
# detect if an admin moved a proposal to a new status and auto-comment
if p.status != status and current_user.admin:
msg = "Moved to status \"%s\"." % settings.FUNDING_STATUSES[status].capitalize()
try:
Comment.add_comment(user_id=current_user.id, message=msg, pid=pid, automated=True)
except:
pass
p.status = status
p.last_edited = datetime.now()
else:
try:
funds_target = float(funds_target)
except Exception as ex:
return make_response(jsonify('letters detected'),500)
if funds_target < 1:
return make_response(jsonify('Proposal asking less than 1 error :)'), 500)
if len(addr_receiving) != 95:
return make_response(jsonify('Faulty address, should be of length 95'), 500)
p = Proposal(headline=title, content=content, category='misc', user=current_user)
proposalID = current_user
addr_donation = Proposal.generate_proposal_subaccount(proposalID)
p.addr_donation = addr_donation
p.html = html
p.last_edited = datetime.now()
p.funds_target = funds_target
p.addr_receiving = addr_receiving
p.category = category
p.status = status
db_session.add(p)
db_session.commit()
db_session.flush()
# reset cached statistics
from funding.bin.utils import Summary
Summary.fetch_stats(purge=True)
return make_response(jsonify({'url': url_for('proposal', pid=p.id)}))
