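def delete(request):
    """Delete one of the caller's own unclaimed posts and reply with a JSON status.

    The reply is ACCESS_FORBIDDEN unless the request carries a non-empty POST
    body and the session holds an 'id'. It is BAD_REQUEST when
    UrlHelper.validate() rejects the parameters. The lookup is restricted to
    ``owner=user`` and ``claimer=None``, so a post that belongs to someone
    else, is already claimed, or does not exist yields INVALID_POST.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'id'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            # filter() rather than get(): get() raises DoesNotExist on a miss,
            # so the INVALID_POST branch was unreachable and a bad id surfaced
            # as an unhandled server error instead of a JSON reply.
            # NOTE(review): assumes validate() leaves 'id' in a form the ORM
            # accepts for an integer key -- confirm.
            owned = Post.objects.filter(id=params['id'], claimer=None, owner=user)
            if owned.count() > 0:
                owned[0].delete()
                response = {'status': 'OK'}
            else:
                response = {'status': 'FAIL', 'error': 'INVALID_POST'}
    return HttpResponse(json.dumps(response))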
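def login(request):
    """Check an e-mail/password pair and open a session; reply with a JSON status.

    Only GET requests from a session that has no 'id' yet are processed;
    anything else gets ACCESS_FORBIDDEN. Parameters rejected by
    UrlHelper.validate() give BAD_REQUEST, and a pair that matches no user
    gives INCORRECT_COMBO. On success the session receives 'id' and 'type'.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    # NOTE(review): the credentials travel in the query string of a GET
    # request, where URLs are commonly kept by proxies, access logs and
    # browser history. Moving them to a POST body changes the contract with
    # existing callers, so it is flagged here rather than changed.
    if request.method == 'GET' and request.GET is not None and 'id' not in request.session:
        params = UrlHelper().validate(request.GET, {'email', 'password'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            # NOTE(review): the stored value is matched by equality against
            # HashHelper.password(), so that helper presumably returns the same
            # output for the same input (no per-user salt) -- confirm.
            digest = HashHelper().password(params['password'])
            matches = User.objects.filter(email=params['email'], password=digest)
            if matches.count() == 0:
                response = {'status': 'FAIL', 'error': 'INCORRECT_COMBO'}
            else:
                user = matches[0]
                # Issue a fresh session key before the session becomes
                # authenticated, so a key that was known before login does not
                # carry over to the logged-in session (session fixation).
                request.session.cycle_key()
                request.session['id'] = user.id
                request.session['type'] = 'individual'
                response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))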
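def fbAuth(request):
    """Sign in, or register on first use, with a Facebook access token.

    A non-empty POST body is required (ACCESS_FORBIDDEN otherwise). The
    'accessToken' parameter is used to fetch the 'me' object from the Graph
    API; a GraphAPIError gives INVALID_OAUTH_TOKEN. A user whose linked
    Facebook record has the returned id is signed in; otherwise a profile, a
    Facebook record and a user are created first. On success the session
    receives 'id' and 'type'.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    if request.POST:
        params = UrlHelper().validate(request.POST, {'accessToken'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            # NOTE(review): the identity is trusted as soon as the token can
            # read 'me'. Nothing visible here checks that the token was issued
            # for this application; confirm that it is inspected (for example
            # with the Graph API debug_token endpoint) before it is accepted.
            fb = facebook.GraphAPI(params['accessToken'])
            try:
                fbUserProfile = fb.get_object('me')
            except facebook.GraphAPIError:
                response = {'status': 'FAIL', 'error': 'INVALID_OAUTH_TOKEN'}
            else:
                known = User.objects.filter(facebook__fbid=fbUserProfile['id'])
                if known.count() > 0:
                    user = known[0]
                else:
                    userProfile = User_profile(display_name=fbUserProfile['name'])
                    userProfile.save()
                    # NOTE(review): the access token is written to the database
                    # as received -- confirm it needs to be kept, and how that
                    # column is protected.
                    fbProf = User_facebook(
                        fbid=fbUserProfile['id'],
                        access_token=params['accessToken'],
                    )
                    fbProf.save()
                    user = User(
                        # 'email' is optional in the profile; None when absent.
                        email=fbUserProfile.get('email'),
                        last_login=datetime.now(),
                        profile=userProfile,
                        facebook=fbProf,
                    )
                    user.save()
                # Issue a fresh session key before the session becomes
                # authenticated (session fixation).
                request.session.cycle_key()
                request.session['id'] = user.id
                request.session['type'] = 'individual'
                response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))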
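def post(request):
    """Create a 'money' or 'other' post for the logged-in user; reply as JSON.

    Requires a non-empty POST body and a session 'id' (ACCESS_FORBIDDEN
    otherwise). 'want' must be 1-150 characters. For type 'money' the offer
    must parse as a finite number greater than zero; for type 'other' it must
    be 1-150 characters. Any other combination gives FORMAT_INCORRECT. On
    success the reply carries the stored post.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'want', 'offer', 'type'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            want = params['want']
            offer = params['offer']
            kind = params['type']
            amount = None
            if kind == 'money':
                # A non-numeric offer used to raise ValueError out of the view;
                # it is now reported as FORMAT_INCORRECT like any other bad value.
                try:
                    amount = float(offer)
                except ValueError:
                    amount = None
                # The chained comparison also rejects 'nan' and 'inf', which
                # float() accepts as input.
                offer_ok = amount is not None and 0 < amount < float('inf')
            elif kind == 'other':
                offer_ok = offer != '' and len(offer) <= 150
            else:
                offer_ok = False

            if want == '' or len(want) > 150 or not offer_ok:
                response = {'status': 'FAIL', 'error': 'FORMAT_INCORRECT'}
            else:
                user = User.objects.get(id=userID)
                if kind == 'money':
                    entry = Post_money(owner=user, want=want, offer=amount,
                                       community=user.parent_community)
                else:
                    entry = Post_other(owner=user, want=want, offer=offer,
                                       community=user.parent_community)
                entry.save()
                response = {
                    'status': 'OK',
                    'post': {
                        'id': entry.id,
                        'type': kind,
                        'owner': {
                            'id': entry.owner.id,
                            'name': entry.owner.profile.display_name
                        },
                        'want': entry.want,
                        # The offer is echoed exactly as submitted.
                        'offer': offer,
                        'created_time': entry.created_time.strftime('%Y-%m-%d %X')
                    }
                }
    return HttpResponse(json.dumps(response))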
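def claim(request):
    """Claim an unclaimed post in the caller's community; reply as JSON.

    Requires request parameters and a session 'id' (ACCESS_FORBIDDEN
    otherwise). The post must be unclaimed, belong to the caller's
    parent_community and not be owned by the caller, else INVALID_POST. At
    least one of 'email' or 'phone' must pass its format check, else
    INVALID_CONTACT_INFO. On success the post records the claimer and a
    message for the owner is saved.
    """
    # \Z instead of $: '$' also matches just before a trailing newline, so a
    # value ending in '\n' used to pass both checks and be stored.
    email_pattern = (r'^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*'
                     r'\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))\Z')
    phone_pattern = r'^[0-9]{10}\Z'

    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    # NOTE(review): request.REQUEST merges GET and POST, so this state-changing
    # call is also reachable through a plain GET URL. Restricting it to POST
    # changes the contract with existing callers, so it is flagged, not changed.
    if request.REQUEST and userID:
        params = UrlHelper().validate(request.REQUEST, {'id', 'phone', 'email', 'note'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            candidates = Post.objects.filter(id=params['id'], claimer=None,
                                             community=user.parent_community)
            if candidates.count() > 0 and candidates[0].owner.id != user.id:
                post = candidates[0]
                if PostManager.postType(post) == Post_money:
                    message = Message_money(to=post.owner, email='', text='',
                                            note=params['note'], about=post.post_money)
                else:
                    message = Message_other(to=post.owner, email='', text='',
                                            note=params['note'], about=post.post_other)

                # Either contact channel is enough; both are kept when both are valid.
                contact = False
                if re.search(email_pattern, params['email']):
                    message.email = params['email']
                    contact = True
                if re.search(phone_pattern, params['phone']):
                    message.text = params['phone']
                    contact = True

                if contact:
                    # NOTE(review): the claimer=None check above and this save
                    # are separate queries, so two concurrent claims could both
                    # pass the check -- confirm whether that matters here.
                    post.claimer = user
                    post.claimed_time = datetime.now()
                    post.save()
                    message.save()
                    response = {'status': 'OK'}
                else:
                    response = {'status': 'FAIL', 'error': 'INVALID_CONTACT_INFO'}
            else:
                response = {'status': 'FAIL', 'error': 'INVALID_POST'}
    return HttpResponse(json.dumps(response))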
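def individualRegister(request):
    """Register an account from e-mail, password and display name; reply as JSON.

    Only POST requests from a session that has no 'id' yet are processed
    (ACCESS_FORBIDDEN otherwise). Error codes, in the order checked:
    BAD_REQUEST (validation failed or empty display name),
    PASSWORDS_NOT_MATCH, ILLEGAL_EMAIL_OR_PASSWORD (format checks) and
    EMAIL_EXISTS. On success the profile and user are saved and the session
    receives 'id' and 'type'.
    """
    # \Z instead of $: '$' also matches just before a trailing newline, so an
    # e-mail or password ending in '\n' used to pass validation.
    email_pattern = (r'^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*'
                     r'\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))\Z')
    password_pattern = r'^[a-zA-Z0-9_]{6,20}\Z'

    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    if request.method == 'POST' and request.POST is not None and 'id' not in request.session:
        params = UrlHelper().validate(request.POST, {'email', 'password', 'confirm', 'display_name'})
        if params == False or params['display_name'] == '':
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        elif params['password'] != params['confirm']:
            response = {'status': 'FAIL', 'error': 'PASSWORDS_NOT_MATCH'}
        elif not (re.search(email_pattern, params['email'])
                  and re.search(password_pattern, params['password'])):
            response = {'status': 'FAIL', 'error': 'ILLEGAL_EMAIL_OR_PASSWORD'}
        elif User.objects.filter(email=params['email']).count() > 0:
            response = {'status': 'FAIL', 'error': 'EMAIL_EXISTS'}
        else:
            userProfile = User_profile(display_name=params['display_name'])
            userProfile.save()
            # NOTE(review): the password is handed to the model exactly as
            # submitted, while login() looks users up by
            # HashHelper().password(...). Unless User.save() hashes the field,
            # this stores the plaintext and the new account cannot log in --
            # confirm, and hash here if the model does not.
            user = User(
                email=params['email'],
                password=params['password'],
                last_login=datetime.now(),
                profile=userProfile,
            )
            user.save()
            # Issue a fresh session key before the session becomes
            # authenticated (session fixation).
            request.session.cycle_key()
            request.session['id'] = user.id
            request.session['type'] = 'individual'
            response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))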
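def delete(request):
    """Remove a post that the caller owns and nobody has claimed; reply as JSON.

    Without a non-empty POST body and a session 'id' the reply is
    ACCESS_FORBIDDEN; parameters rejected by UrlHelper.validate() give
    BAD_REQUEST. The query is limited to ``owner=user`` and ``claimer=None``;
    when it matches nothing the reply is INVALID_POST.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'id'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            # get() raises DoesNotExist when nothing matches, which left the
            # INVALID_POST branch dead and turned an unknown or foreign id into
            # an unhandled exception; filter() lets the miss be reported.
            # NOTE(review): assumes validate() leaves 'id' in a form the ORM
            # accepts for an integer key -- confirm.
            found = Post.objects.filter(id=params['id'], claimer=None, owner=user)
            if found.count() > 0:
                found[0].delete()
                response = {'status': 'OK'}
            else:
                response = {'status': 'FAIL', 'error': 'INVALID_POST'}
    return HttpResponse(json.dumps(response))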
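def respond(request):
    """Accept or decline a claim message addressed to the caller; reply as JSON.

    Requires a non-empty POST body and a session 'id'. 'action' must be
    'accept' or 'decline' and 'type' must be 'money' or 'other', else
    BAD_REQUEST. The message is looked up by id AND recipient; when it does
    not exist or is addressed to another user the reply stays
    ACCESS_FORBIDDEN. Accepting approves the post and returns the claimer's
    stored contact details; declining clears the post's claimer.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'id', 'type', 'action'})
        if (params == False
                or params['action'] not in ('accept', 'decline')
                or params['type'] not in ('money', 'other')):
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            model = Message_money if params['type'] == 'money' else Message_other
            # Scope the lookup to the recipient. The message used to be fetched
            # by id alone, so any logged-in user could act on any message and,
            # on accept, receive the claimer's phone number and e-mail.
            # filter() also keeps an unknown id from raising DoesNotExist.
            addressed = model.objects.filter(id=params['id'], to=user)
            if addressed.count() > 0:
                message = addressed[0]
                about = message.about
                if params['action'] == 'accept':
                    about.approved = True
                    about.save()
                    message.approved = True
                    message.checked = True
                    message.save()
                    response = {'status': 'OK'}
                    # Contact details are disclosed only after acceptance.
                    if message.text != '':
                        response['phone'] = message.text
                    if message.email != '':
                        response['email'] = message.email
                else:
                    # Declining releases the post so it can be claimed again.
                    about.claimer = None
                    about.save()
                    message.approved = False
                    message.checked = True
                    message.save()
                    response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))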
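def post(request):
    """Store a new 'money' or 'other' post for the session user; reply as JSON.

    A non-empty POST body and a session 'id' are required (ACCESS_FORBIDDEN
    otherwise). 'want' must be 1-150 characters; a 'money' offer must parse as
    a finite number above zero; an 'other' offer must be 1-150 characters.
    Anything else gives FORMAT_INCORRECT. The success reply describes the
    saved post.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'want', 'offer', 'type'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            want = params['want']
            offer = params['offer']
            kind = params['type']
            amount = None
            if kind == 'money':
                # float() on a non-numeric offer used to raise ValueError out of
                # the view; the value is now rejected as FORMAT_INCORRECT.
                try:
                    amount = float(offer)
                except ValueError:
                    amount = None
                # The upper bound excludes 'inf'; 'nan' fails both comparisons.
                offer_ok = amount is not None and 0 < amount < float('inf')
            elif kind == 'other':
                offer_ok = offer != '' and len(offer) <= 150
            else:
                offer_ok = False

            if want == '' or len(want) > 150 or not offer_ok:
                response = {'status': 'FAIL', 'error': 'FORMAT_INCORRECT'}
            else:
                user = User.objects.get(id=userID)
                if kind == 'money':
                    created = Post_money(owner=user, want=want, offer=amount,
                                         community=user.parent_community)
                else:
                    created = Post_other(owner=user, want=want, offer=offer,
                                         community=user.parent_community)
                created.save()
                response = {
                    'status': 'OK',
                    'post': {
                        'id': created.id,
                        'type': kind,
                        'owner': {
                            'id': created.owner.id,
                            'name': created.owner.profile.display_name
                        },
                        'want': created.want,
                        # Echo the offer as it was submitted.
                        'offer': offer,
                        'created_time': created.created_time.strftime('%Y-%m-%d %X')
                    }
                }
    return HttpResponse(json.dumps(response))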
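def search(request):
    """Render offer search results for the logged-in user.

    Redirects to 'exchange-registration' while the user's profile has no
    notification setting. Redirects to 'exchange-home' when there is no
    session 'id', no GET parameters, or no non-empty 'q'. Otherwise
    'search.html' is rendered with this function's local variables.
    """
    userID = request.session.get('id', False)
    if userID:
        user = User.objects.get(id=userID)
        if user.profile.notification == '':
            return redirect('exchange-registration')
        else:
            msgCount = PostManager.uncheckMessageCount(user)
            if request.GET:
                urlHelper = UrlHelper()
                params = urlHelper.validate(request.GET, {'q'}, {'p'})
                if params and params['q'] != '':
                    page = 0
                    if params['p']:
                        # A non-numeric 'p' used to raise ValueError out of the
                        # view; fall back to the first page instead.
                        try:
                            page = int(params['p'])
                        except ValueError:
                            page = 0
                    query = params['q']
                    results = SearchManager.offerResults(query, user)
                    # locals() hands every local name to the template, including
                    # user, params and request. The names above are therefore
                    # part of the template contract and are left unchanged.
                    return render(request, 'search.html', locals())
    return redirect('exchange-home')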
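def check(request):
    """Mark a message addressed to the caller as checked; reply as JSON.

    Requires a non-empty POST body and a session 'id'. 'type' must be 'money'
    or 'other', else BAD_REQUEST. The message is looked up by id AND
    recipient; when it does not exist or is addressed to another user the
    reply stays ACCESS_FORBIDDEN.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'id', 'type'})
        if params == False or params['type'] not in ('money', 'other'):
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            model = Message_money if params['type'] == 'money' else Message_other
            # Scope the lookup to the recipient: fetching by id alone let any
            # logged-in user flag another user's message as checked. filter()
            # also keeps an unknown id from raising DoesNotExist.
            addressed = model.objects.filter(id=params['id'], to=user)
            if addressed.count() > 0:
                message = addressed[0]
                message.checked = True
                message.save()
                # The success path never replaced the default reply, so callers
                # were told ACCESS_FORBIDDEN after a successful update.
                response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))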
def searchCommunity(request):
    """Return the active communities whose name or alias contains a keyword.

    Non-GET requests get ACCESS_FORBIDDEN and parameters rejected by
    UrlHelper.validate() get BAD_REQUEST. Otherwise the reply is OK with the
    serialized matches. No session check is made here.
    """
    if not (request.method == 'GET' and request.GET is not None):
        denied = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
        return HttpResponse(json.dumps(denied))

    params = UrlHelper().validate(request.GET, {'keyword'})
    if params == False:
        payload = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
    else:
        # Case-insensitive substring match on either column, active rows only.
        name_or_alias = Q(name__icontains=params['keyword']) | Q(alias__icontains=params['keyword'])
        found = Community.objects.filter(Q(active=True), name_or_alias)
        payload = {'status': 'OK', 'results': serialize(found)}
    return HttpResponse(json.dumps(payload))
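def respond(request):
    """Handle the recipient's accept/decline decision on a claim message.

    A non-empty POST body and a session 'id' are required. BAD_REQUEST is
    returned unless 'action' is 'accept' or 'decline' and 'type' is 'money' or
    'other'. The message must match both the given id and the caller as
    recipient; otherwise the reply stays ACCESS_FORBIDDEN. Accepting approves
    the post and returns the claimer's stored contact details; declining
    clears the post's claimer.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'id', 'type', 'action'})
        if (params == False
                or params['action'] not in ('accept', 'decline')
                or params['type'] not in ('money', 'other')):
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            model = Message_money if params['type'] == 'money' else Message_other
            # The message was fetched by id only, so a logged-in user could
            # accept or decline someone else's message and read the claimer's
            # phone number and e-mail from the reply. Requiring to=user limits
            # the action to the recipient; filter() also avoids DoesNotExist.
            mine = model.objects.filter(id=params['id'], to=user)
            if mine.count() > 0:
                message = mine[0]
                about = message.about
                if params['action'] == 'accept':
                    about.approved = True
                    about.save()
                    message.approved = True
                    message.checked = True
                    message.save()
                    response = {'status': 'OK'}
                    # Contact details are disclosed only after acceptance.
                    if message.text != '':
                        response['phone'] = message.text
                    if message.email != '':
                        response['email'] = message.email
                else:
                    # Declining releases the post so it can be claimed again.
                    about.claimer = None
                    about.save()
                    message.approved = False
                    message.checked = True
                    message.save()
                    response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))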
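def check(request):
    """Flag one of the caller's received messages as checked; reply as JSON.

    A non-empty POST body and a session 'id' are required. BAD_REQUEST is
    returned unless 'type' is 'money' or 'other'. The message must match both
    the given id and the caller as recipient; otherwise the reply stays
    ACCESS_FORBIDDEN.
    """
    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    if request.POST and userID:
        params = UrlHelper().validate(request.POST, {'id', 'type'})
        if params == False or params['type'] not in ('money', 'other'):
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            model = Message_money if params['type'] == 'money' else Message_other
            # Requiring to=user keeps one user from marking another user's
            # message as checked; the lookup used to be by id alone. filter()
            # also keeps an unknown id from raising DoesNotExist.
            mine = model.objects.filter(id=params['id'], to=user)
            if mine.count() > 0:
                message = mine[0]
                message.checked = True
                message.save()
                # Report success; the default ACCESS_FORBIDDEN reply used to be
                # returned even after the update went through.
                response = {'status': 'OK'}
    return HttpResponse(json.dumps(response))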
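def registration(request):
    """Collect the notification preference and community of a new user.

    Acts only for a logged-in user whose profile has no notification setting.
    A GET renders 'registration.html'. A POST with valid data stores the
    community and the notification choice. Every other path, including an
    invalid POST, redirects to 'exchange-home'.

    The notification type is accepted as 'text'/'T' (ten-digit phone number
    required) or 'email'/'M' (e-mail address required); any other value
    stores 'N'.
    """
    userID = request.session.get('id', False)
    if userID:
        user = User.objects.get(id=userID)
        if user.profile.notification == '':
            if request.POST:
                params = UrlHelper().validate(request.POST, {'notify_type', 'notify_value', 'community'})
                if params != False and params['community'] in ('1', '2', '3', '4', '5', '6', '7'):
                    kind = params['notify_type']
                    value = params['notify_value']
                    # The format checks used to be keyed on 'text'/'email' while
                    # the stored values were keyed on 'T'/'M'. A validated value
                    # was therefore never stored, and a stored value was never
                    # validated. Both spellings now share one check and one
                    # storage path.
                    wants_text = kind in ('text', 'T')
                    wants_mail = kind in ('email', 'M')
                    # \Z instead of $: '$' also matches before a trailing newline.
                    if wants_text:
                        valid = re.search(r'^[0-9]{10}\Z', value) is not None
                    elif wants_mail:
                        valid = re.search(
                            r'^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*'
                            r'\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))\Z',
                            value) is not None
                    else:
                        valid = True
                    if valid:
                        # NOTE(review): get() raises if the id is not in the
                        # table -- confirm ids 1-7 always exist.
                        community = Community.objects.get(id=int(params['community']))
                        user.parent_community = community
                        if wants_text:
                            user.profile.notification = 'T'
                            user.profile.phone = value
                        elif wants_mail:
                            user.profile.notification = 'M'
                            # The notification address replaces the account e-mail.
                            user.email = value
                        else:
                            user.profile.notification = 'N'
                        user.profile.save()
                        user.save()
            else:
                # locals() passes request, userID and user to the template.
                return render(request, 'registration.html', locals())
    return redirect('exchange-home')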
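def claim(request):
    """Register the caller as claimer of a post and notify its owner; reply as JSON.

    Request parameters and a session 'id' are required (ACCESS_FORBIDDEN
    otherwise). INVALID_POST is returned unless the post is unclaimed, sits in
    the caller's parent_community and has a different owner.
    INVALID_CONTACT_INFO is returned unless 'email' or 'phone' passes its
    format check. On success the post records the claimer and claim time, and
    a message to the owner is saved.
    """
    # Anchored with \Z rather than $: '$' also matches just before a trailing
    # newline, so a value ending in '\n' used to be accepted and stored.
    email_pattern = (r'^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*'
                     r'\.(([0-9]{1,3})|([a-zA-Z]{2,3})|(aero|coop|info|museum|name))\Z')
    phone_pattern = r'^[0-9]{10}\Z'

    response = {'status': 'FAIL', 'error': 'ACCESS_FORBIDDEN'}
    userID = request.session.get('id', False)
    # NOTE(review): request.REQUEST merges GET and POST, so this state-changing
    # call is also reachable through a plain GET URL. Restricting it to POST
    # changes the contract with existing callers, so it is flagged, not changed.
    if request.REQUEST and userID:
        params = UrlHelper().validate(request.REQUEST, {'id', 'phone', 'email', 'note'})
        if params == False:
            response = {'status': 'FAIL', 'error': 'BAD_REQUEST'}
        else:
            user = User.objects.get(id=userID)
            open_posts = Post.objects.filter(id=params['id'], claimer=None,
                                             community=user.parent_community)
            if open_posts.count() > 0 and open_posts[0].owner.id != user.id:
                post = open_posts[0]
                if PostManager.postType(post) == Post_money:
                    message = Message_money(
                        to=post.owner,
                        email='',
                        text='',
                        note=params['note'],
                        about=post.post_money,
                    )
                else:
                    message = Message_other(
                        to=post.owner,
                        email='',
                        text='',
                        note=params['note'],
                        about=post.post_other,
                    )

                # One valid contact channel is enough; both are kept if valid.
                contact = False
                if re.search(email_pattern, params['email']):
                    message.email = params['email']
                    contact = True
                if re.search(phone_pattern, params['phone']):
                    message.text = params['phone']
                    contact = True

                if contact:
                    # NOTE(review): the claimer=None check above and this save
                    # are separate queries, so two concurrent claims could both
                    # pass the check -- confirm whether that matters here.
                    post.claimer = user
                    post.claimed_time = datetime.now()
                    post.save()
                    message.save()
                    response = {'status': 'OK'}
                else:
                    response = {'status': 'FAIL', 'error': 'INVALID_CONTACT_INFO'}
            else:
                response = {'status': 'FAIL', 'error': 'INVALID_POST'}
    return HttpResponse(json.dumps(response))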