def request_to_buy(request): user = request.user try: ticket = Ticket.objects.get(pk=request.POST.get('ticket_id')) except Ticket.DoesNotExist: raise Http404() # Do this validation again... if not Request.can_request(ticket, user) or Request.requested_other_ticket_same_time(user, ticket): return ajax_http(False, 400) if ticket.poster == user: logging.warning('User cannot request to buy their own ticket') return ajax_http(False, 400) # Get the token and card that stripe sent us token = request.POST.get('token') card_id = request.POST.get('card_id') if not token or not card_id: logging.info('Request to buy submitted without Stripe token for {}'.format(user)) return ajax_other_message('Your request was unable to be processed. Our developers are on it!', 400) try: customer, card = create_customer_and_card(user, token, card_id) except StripeError as e: logging.critical('Request creation failed') return ajax_other_message('Your request was unable to be processed. Our developers are on it', 400) Request.objects.create_request(ticket, user, card) return ajax_other_message('Your request to buy has been submitted. ' 'Your card will be charged if the seller accepts your request.', 200)
def submit_ticket(request): # If the form has been submitted by the user if request.method == 'POST': submit_ticket_form = SubmitTicketForm(request.POST) #Determine which form the user submitted. if submit_ticket_form.is_valid(): user = request.user title = submit_ticket_form.cleaned_data.get('title') price = submit_ticket_form.cleaned_data.get('price') location_raw = submit_ticket_form.cleaned_data.get('location_raw') location = submit_ticket_form.cleaned_data.get('location') venue = submit_ticket_form.cleaned_data.get('venue') start_datetime = submit_ticket_form.cleaned_data.get( 'start_datetime') ticket_type = submit_ticket_form.cleaned_data.get('ticket_type') payment_method = submit_ticket_form.cleaned_data.get( 'payment_method', 'G') # TODO Assume good faith since # lean launch won't have secure about = submit_ticket_form.cleaned_data.get( 'about') or '' # Might be empty token = submit_ticket_form.cleaned_data.get('token') card_id = submit_ticket_form.cleaned_data.get('card_id') try: customer, card = create_customer_and_card(user, token, card_id) except StripeError as e: logging.critical('Ticket creation failed') return ajax_other_message( 'Uh oh, it looks like our server broke! Our developers are on it.', 400) Ticket.objects.create_ticket( poster=request.user, price=price, title=title, about=about, start_datetime=start_datetime, location_raw=location_raw, location=location, ticket_type=ticket_type, payment_method=payment_method, card=card, status='P', venue=venue, ) return ajax_popup_notification( 'success', 'Your ticket was successfully submitted! ' 'It will become visible to others shortly.', 200) # If the user ignored out javascript validation and sent an invalid form, send back an error. # We don't actually specify what the form error was (unless it was a non_field error that we couldn't validate # on the front end). This is okay because our app requires JS to be enabled. # If the user managed to send us an aysynch request xwith JS disabled, they aren't using the site as designed. # eg., possibly a malicious user. No need to repeat the form pretty validation already done on the front end. else: return ajax_http( **non_field_errors_notification(submit_ticket_form)) return render(request, 'tickets/submit_ticket.html', {'form_settings': ticket_submit_form_settings})
def submit_ticket(request): # If the form has been submitted by the user if request.method == 'POST': submit_ticket_form = SubmitTicketForm(request.POST) #Determine which form the user submitted. if submit_ticket_form.is_valid(): user = request.user title = submit_ticket_form.cleaned_data.get('title') price = submit_ticket_form.cleaned_data.get('price') location_raw = submit_ticket_form.cleaned_data.get('location_raw') location = submit_ticket_form.cleaned_data.get('location') venue = submit_ticket_form.cleaned_data.get('venue') start_datetime = submit_ticket_form.cleaned_data.get('start_datetime') ticket_type = submit_ticket_form.cleaned_data.get('ticket_type') payment_method = submit_ticket_form.cleaned_data.get('payment_method', 'G') # TODO Assume good faith since # lean launch won't have secure about = submit_ticket_form.cleaned_data.get('about') or '' # Might be empty token = submit_ticket_form.cleaned_data.get('token') card_id = submit_ticket_form.cleaned_data.get('card_id') try: customer, card = create_customer_and_card(user, token, card_id) except StripeError as e: logging.critical('Ticket creation failed') return ajax_other_message('Uh oh, it looks like our server broke! Our developers are on it.', 400) Ticket.objects.create_ticket(poster=request.user, price=price, title=title, about=about, start_datetime=start_datetime, location_raw=location_raw, location=location, ticket_type=ticket_type, payment_method=payment_method, card=card, status='P', venue=venue, ) return ajax_popup_notification('success', 'Your ticket was successfully submitted! ' 'It will become visible to others shortly.', 200) # If the user ignored out javascript validation and sent an invalid form, send back an error. # We don't actually specify what the form error was (unless it was a non_field error that we couldn't validate # on the front end). This is okay because our app requires JS to be enabled. # If the user managed to send us an aysynch request xwith JS disabled, they aren't using the site as designed. # eg., possibly a malicious user. No need to repeat the form pretty validation already done on the front end. else: return ajax_http(**non_field_errors_notification(submit_ticket_form)) return render(request, 'tickets/submit_ticket.html', {'form_settings': ticket_submit_form_settings} )