def _is_ratelimited(request):
"""Ratelimiting helper for kbforum threads and replies.
They are ratelimited together with the same key.
"""
return (
is_ratelimited(request, increment=True, rate='4/m', ip=False,
keys=user_or_ip('kbforum-post-min')) or
is_ratelimited(request, increment=True, rate='50/d', ip=False,
keys=user_or_ip('kbforum-post-day')))
def _is_ratelimited(request):
"""Ratelimiting helper for kbforum threads and replies.
They are ratelimited together with the same key.
"""
return (is_ratelimited(request,
increment=True,
rate='4/m',
ip=False,
keys=user_or_ip('kbforum-post-min'))
or is_ratelimited(request,
increment=True,
rate='50/d',
ip=False,
keys=user_or_ip('kbforum-post-day')))
def new_message(request, template):
"""Send a new private message."""
to = request.GET.get('to')
if to:
try:
User.objects.get(username=to)
except User.DoesNotExist:
contrib_messages.add_message(
request, contrib_messages.ERROR,
_('Invalid username provided. Enter a new username below.'))
return HttpResponseRedirect(reverse('messages.new'))
form = MessageForm(request.POST or None, initial={'to': to})
if (request.method == 'POST' and form.is_valid()
and not is_ratelimited(request,
increment=True,
rate='50/d',
ip=False,
keys=user_or_ip('private-message-day'))):
send_message(form.cleaned_data['to'], form.cleaned_data['message'],
request.user)
if form.cleaned_data['in_reply_to']:
irt = form.cleaned_data['in_reply_to']
try:
m = InboxMessage.objects.get(pk=irt, to=request.user)
m.update(replied=True)
except InboxMessage.DoesNotExist:
pass
contrib_messages.add_message(request, contrib_messages.SUCCESS,
_('Your message was sent!'))
return HttpResponseRedirect(reverse('messages.inbox'))
return render(request, template, {'form': form})
document = get_object_or_404(Document, **kwargs)
data = json.dumps({
'id': document.id,
'locale': document.locale,
'slug': document.slug,
'title': document.title,
'summary': document.current_revision.summary,
'url': document.get_absolute_url(),
})
return HttpResponse(data, mimetype='application/json')
@require_POST
@csrf_exempt
@ratelimit(keys=user_or_ip('document-vote'), ip=False, rate='10/d')
def helpful_vote(request, document_slug):
"""Vote for Helpful/Not Helpful document"""
if 'revision_id' not in request.POST:
return HttpResponseBadRequest()
revision = get_object_or_404(
Revision, id=smart_int(request.POST['revision_id']))
survey = None
if revision.document.category == TEMPLATES_CATEGORY:
return HttpResponseBadRequest()
if not revision.has_voted(request):
ua = request.META.get('HTTP_USER_AGENT', '')[:1000] # 1000 max_length
vote = HelpfulVote(revision=revision, user_agent=ua)
document = get_object_or_404(Document, **kwargs)
data = json.dumps({
'id': document.id,
'locale': document.locale,
'slug': document.slug,
'title': document.title,
'summary': document.current_revision.summary,
'url': document.get_absolute_url(),
})
return HttpResponse(data, mimetype='application/json')
@require_POST
@csrf_exempt
@ratelimit(keys=user_or_ip('document-vote'), ip=False, rate='10/d')
def helpful_vote(request, document_slug):
"""Vote for Helpful/Not Helpful document"""
if 'revision_id' not in request.POST:
return HttpResponseBadRequest()
revision = get_object_or_404(
Revision, id=smart_int(request.POST['revision_id']))
survey = None
if revision.document.category == TEMPLATES_CATEGORY:
return HttpResponseBadRequest()
if not revision.has_voted(request):
ua = request.META.get('HTTP_USER_AGENT', '')[:1000] # 1000 max_length
vote = HelpfulVote(revision=revision, user_agent=ua)
