def confirm(request):
"""Controller for both /buy/confirm/{id} and /buy/confirm URLs,
hence the default value for offerid."""
if not request.method == "POST":
return HttpResponseRedirect('/')
# All our attempts to get an ID failed. Assume the user is
# malicious and redirect away.
offerid = request.POST.get('offer_id')
if not offerid or not offerid.isdigit():
return HttpResponseRedirect('/browse')
try:
offer = Offer.objects.get(id=int(offerid))
except Offer.DoesNotExist:
# Terribly invalid offer ID, inconsistent with our code.
return HttpResponseRedirect(u'/browse')
data = dict(offer=offer)
user, created = User.objects.get_or_create(net_id=request.user.username)
if not user:
url = u'/buy/confirm'
data = dict(header_text=u'Buy a book', redirect_url=url)
return render(request, 'ptx/needlogin.html', data)
# make sure that the offer is open
if offer.status != 'o':
# this shouldn't happen. TODO: do something reasonable
return render(request, "ptx/alreadybought.html", data)
# make sure that the user isn't trying to buy his own book.
if offer.user == user:
return render(request, "ptx/yourownbook.html", data)
return render(request, 'ptx/confirmbuy.html', data)
def confirm(request):
"""Controller for both /buy/confirm/{id} and /buy/confirm URLs,
hence the default value for offerid."""
if not request.method == "POST":
return HttpResponseRedirect('/')
# All our attempts to get an ID failed. Assume the user is
# malicious and redirect away.
offerid = request.POST.get('offer_id')
if not offerid or not offerid.isdigit():
return HttpResponseRedirect('/browse')
try:
offer = Offer.objects.get(id=int(offerid))
except Offer.DoesNotExist:
# Terribly invalid offer ID, inconsistent with our code.
return HttpResponseRedirect(u'/browse')
data = dict(offer=offer)
user, created = User.objects.get_or_create(net_id=request.user.username)
if not user:
url = u'/buy/confirm'
data = dict(header_text=u'Buy a book', redirect_url=url)
return render(request, 'ptx/needlogin.html', data)
# make sure that the offer is open
if offer.status != 'o':
# this shouldn't happen. TODO: do something reasonable
return render(request, "ptx/alreadybought.html", data)
# make sure that the user isn't trying to buy his own book.
if offer.user == user:
return render(request, "ptx/yourownbook.html", data)
return render(request, 'ptx/confirmbuy.html', data)
def buy(request):
"""Controller for /buy. Inputs: user session, an offer ID.
Outputs: a pending offer, a pending request, confirmation emails,
and capitalism."""
buyer, created = User.objects.get_or_create(net_id=request.user.username)
if not buyer:
return render(request, 'ptx/needlogin.html', {
'header_text': 'Buy a book',
'redirect_url': '/'
})
if not request.method == "POST":
return HttpResponseRedirect('/')
offerid = request.POST.get("offer_id")
if not offerid or not offerid.isdigit():
raise PermissionDenied()
try:
offer = Offer.objects.get(id=int(offerid))
except Offer.DoesNotExist:
# Terribly invalid offer ID, inconsistent with our code.
return HttpResponseRedirect(u'/browse')
data = dict(offer=offer)
today = date.today()
# Offers must be open.
if offer.status != 'o':
# this shouldn't happen. TODO: do something reasonable
return render(request, "ptx/alreadybought.html", data)
# Prevent a person from buying his own book.
if offer.user == buyer:
return render(request, "ptx/yourownbook.html", data)
# Change offer to pending.
offer.status = 'p'
offer.date_pending = today
offer.save()
# Check if a request exists already.
requests = Request.objects.filter(
Q(user=buyer)
& Q(status='o')
& Q(book=offer.book))
if len(requests) > 0:
# Update the request instead.
req = requests[0]
req.maxprice = offer.price
req.date_pending = today
req.status = 'p'
req.offer = offer
req.save()
else:
# Otherwise, create a new pending request.
req = Request(user=buyer,
book=offer.book,
status='p',
maxprice=offer.price,
date_open=today,
date_pending=today,
offer=offer)
req.save()
seller = offer.user
# Email the seller. ####################
emailto = [seller.net_id + u"@princeton.edu"]
emailsubject = u"PTX: Your book has been purchased!"
emailfrom = u"*****@*****.**"
buyerclause = u"The buyer"
if len(buyer.first_name) > 0 and len(buyer.last_name) > 0:
args = buyer.first_name, buyer.last_name
buyerclause = u"The buyer, %s %s," % args
buyerdorm = u""
if len(buyer.dorm_name) > 0 and len(buyer.dorm_room) > 0:
args = buyer.dorm_name, buyer.dorm_room
buyerdorm = u"The buyer lives in %s %s. " % args
args = offer.book.title, offer.price, buyerclause, buyer.net_id, buyerdorm
emailmessage = u"""\
Your book "%s" has just been purchased for $%s. %s can be reached at \
<*****@*****.**>. %sPlease contact him or her and complete the \
transaction. Please do not reply to this email; our robots disdain \
communication with humans.""" % args
send_mail(emailsubject, emailmessage, emailfrom, emailto)
# Email the buyer. ####################
emailto = [buyer.net_id + u"@princeton.edu"]
emailsubject = u"PTX: You purchased a book!"
emailfrom = u"*****@*****.**"
sellerclause = u"The seller "
if len(seller.first_name) > 0 and len(seller.last_name) > 0:
args = seller.first_name, seller.last_name
sellerclause = u"The seller, %s %s," % args
sellerdorm = u""
if len(seller.dorm_name) > 0 and len(seller.dorm_room) > 0:
args = seller.dorm_name, seller.dorm_room
sellerdorm = u"The seller lives in %s %s. " % args
args = offer.book.title, offer.price, sellerclause, seller.net_id, sellerdorm
emailmessage = u"""\
You just purchased "%s" for $%s. %s can be reached at \
<*****@*****.**>. %sPlease contact him or her and complete the \
transaction. Please do not reply to this email; our robots have little \
training in the inferior language of "English".""" % args
send_mail(emailsubject, emailmessage, emailfrom, emailto)
# Thank you page. ####################
return render(request, 'ptx/buy.html', data)
def buy(request):
"""Controller for /buy. Inputs: user session, an offer ID.
Outputs: a pending offer, a pending request, confirmation emails,
and capitalism."""
buyer, created = User.objects.get_or_create(net_id=request.user.username)
if not buyer:
return render(request, 'ptx/needlogin.html',
{'header_text': 'Buy a book',
'redirect_url': '/'} )
if not request.method == "POST":
return HttpResponseRedirect('/')
offerid = request.POST.get("offer_id")
if not offerid or not offerid.isdigit():
raise PermissionDenied()
try:
offer = Offer.objects.get(id=int(offerid))
except Offer.DoesNotExist:
# Terribly invalid offer ID, inconsistent with our code.
return HttpResponseRedirect(u'/browse')
data = dict(offer=offer)
today = date.today()
# Offers must be open.
if offer.status != 'o':
# this shouldn't happen. TODO: do something reasonable
return render(request, "ptx/alreadybought.html", data)
# Prevent a person from buying his own book.
if offer.user == buyer:
return render(request, "ptx/yourownbook.html", data)
# Change offer to pending.
offer.status = 'p'
offer.date_pending = today
offer.save()
# Check if a request exists already.
requests = Request.objects.filter(Q(user=buyer)
& Q(status='o')
& Q(book=offer.book))
if len(requests) > 0:
# Update the request instead.
req = requests[0]
req.maxprice = offer.price
req.date_pending = today
req.status = 'p'
req.offer = offer
req.save()
else:
# Otherwise, create a new pending request.
req = Request(user=buyer, book=offer.book, status='p',
maxprice=offer.price, date_open=today,
date_pending=today, offer=offer)
req.save()
seller = offer.user
# Email the seller. ####################
emailto = [seller.net_id + u"@princeton.edu"]
emailsubject = u"PTX: Your book has been purchased!"
emailfrom = u"*****@*****.**"
buyerclause = u"The buyer"
if len(buyer.first_name) > 0 and len(buyer.last_name) > 0:
args = buyer.first_name, buyer.last_name
buyerclause = u"The buyer, %s %s," % args
buyerdorm = u""
if len(buyer.dorm_name) > 0 and len(buyer.dorm_room) > 0:
args = buyer.dorm_name, buyer.dorm_room
buyerdorm = u"The buyer lives in %s %s. " % args
args = offer.book.title, offer.price, buyerclause, buyer.net_id, buyerdorm
emailmessage = u"""\
Your book "%s" has just been purchased for $%s. %s can be reached at \
<*****@*****.**>. %sPlease contact him or her and complete the \
transaction. Please do not reply to this email; our robots disdain \
communication with humans.""" % args
send_mail(emailsubject, emailmessage, emailfrom, emailto)
# Email the buyer. ####################
emailto = [buyer.net_id + u"@princeton.edu"]
emailsubject = u"PTX: You purchased a book!"
emailfrom = u"*****@*****.**"
sellerclause = u"The seller "
if len(seller.first_name) > 0 and len(seller.last_name) > 0:
args = seller.first_name, seller.last_name
sellerclause = u"The seller, %s %s," % args
sellerdorm = u""
if len(seller.dorm_name) > 0 and len(seller.dorm_room) > 0:
args = seller.dorm_name, seller.dorm_room
sellerdorm = u"The seller lives in %s %s. " % args
args = offer.book.title, offer.price, sellerclause, seller.net_id, sellerdorm
emailmessage = u"""\
You just purchased "%s" for $%s. %s can be reached at \
<*****@*****.**>. %sPlease contact him or her and complete the \
transaction. Please do not reply to this email; our robots have little \
training in the inferior language of "English".""" % args
send_mail(emailsubject, emailmessage, emailfrom, emailto)
# Thank you page. ####################
return render(request, 'ptx/buy.html', data)
