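def add_comment(cls, pid: int, user_id: int, message: str, cid: int = None, message_id: int = None, automated=False):
    """Create a comment on a proposal, or replace the text of an existing one.

    Without ``message_id`` a new comment is created on proposal ``pid``,
    optionally as a reply to comment ``cid``. With ``message_id`` the comment
    with that id among ``user_id``'s comments gets its message replaced.

    Args:
        pid: Id of the proposal to comment on (used on the create path only).
        user_id: Id of the user the comment belongs to.
        message: Comment text; must be non-empty.
        cid: Id of the comment being replied to, if any.
        message_id: Id of an existing comment to edit, if any.
        automated: Flag stored on a newly created comment.

    Returns:
        The created or updated ``Comment``.

    Raises:
        Exception: On an empty message, a caller who is neither ``user_id``
            nor an admin, an unknown proposal/parent/user/comment, a locked
            comment edited by a non-admin, or a database failure.
    """
    from flask.ext.login import current_user
    from funding.factory import db_session

    if not message:
        raise Exception("empty message")

    # Authorization: only the owning user or an admin may write as user_id.
    if current_user.id != user_id and not current_user.admin:
        raise Exception("no rights to add or modify this comment")

    if not message_id:
        proposal = Proposal.find_by_id(pid=pid)
        if not proposal:
            raise Exception("no proposal by that id")

        comment = Comment(user_id=user_id, proposal_id=proposal.id, automated=automated)
        if cid:
            parent = Comment.find_by_id(cid=cid)
            if not parent:
                raise Exception("cannot reply to a non-existent comment")
            # NOTE(review): nothing here checks that the parent comment sits
            # on the same proposal as ``pid`` - confirm whether a reply may
            # point at a comment of another proposal.
            comment.replied_to = parent.id
    else:
        # Only the database access is wrapped. The original bare ``except:``
        # also caught the specific errors raised below and replaced them with
        # "unknown error", so callers never saw the real reason.
        try:
            user = db_session.query(User).filter(User.id == user_id).first()
            comment = None
            if user:
                # Searching only this user's comments keeps the edit scoped
                # to comments owned by ``user_id``.
                comment = next((c for c in user.comments if c.id == message_id), None)
        except Exception as ex:
            raise Exception("unknown error") from ex

        if not user:
            raise Exception("no user by that id")
        if comment is None:
            raise Exception("no message by that id")
        if comment.locked and not current_user.admin:
            raise Exception("your comment has been locked/removed")

    try:
        comment.message = message
        db_session.add(comment)
        db_session.commit()
        db_session.flush()
    except Exception as ex:
        # Leave the session usable for the next request before reporting.
        db_session.rollback()
        raise Exception(str(ex)) from ex
    return comment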
def add(cls, proposal_id, amount, to_address):
    """Record a payout for a proposal; only admins may call this.

    Args:
        proposal_id: Id of the proposal the payout belongs to.
        amount: Amount paid out.
        to_address: Address the payout is sent to.

    Returns:
        The committed ``Payout``.

    Raises:
        Exception: If the current user is not an admin, or whatever the
            database layer raises (re-raised after a rollback).
    """
    # @TODO: validate that we can make this payout; check previous payouts
    # NOTE(review): until that TODO is done, ``amount`` and ``to_address``
    # are stored exactly as passed in; the admin check is the only gate.
    from flask.ext.login import current_user

    is_admin = current_user.admin
    if not is_admin:
        raise Exception("user must be admin to add a payout")

    from funding.factory import db_session

    try:
        # NOTE(review): the keyword is spelled ``propsal_id`` while the
        # parameter is ``proposal_id`` - verify against the Payout model.
        record = Payout(propsal_id=proposal_id, amount=amount, to_address=to_address)
        db_session.add(record)
        db_session.commit()
        db_session.flush()
    except Exception:
        # Undo the pending insert, then let the original error propagate.
        db_session.rollback()
        raise
    return record
def add(cls, username, password, email):
    """Validate the username and e-mail, then insert and commit a new user.

    Args:
        username: Requested username, checked with ``val_username``.
        password: Password handed to the ``User`` constructor.
        email: E-mail address, checked with ``val_email``.

    Returns:
        The committed ``User``.

    Raises:
        Exception: Whatever validation or the database layer raises; the
            session is rolled back first.
    """
    from funding.factory import db_session
    from funding.validation import val_username, val_email

    try:
        # validate incoming username/email before anything reaches the session
        val_username(username)
        val_email(email)

        # NOTE(review): ``password`` is passed through unchanged; presumably
        # the User constructor hashes it - confirm, and note that no
        # password validation happens in this method.
        account = User(username, password, email)
        db_session.add(account)
        db_session.commit()
        db_session.flush()
    except Exception:
        # A failed validation also lands here; the rollback is then a no-op.
        db_session.rollback()
        raise
    return account
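def proposal_api_add(title, content, pid, funds_target, addr_receiving, category, status):
    """Create a proposal, or edit proposal ``pid``, for the logged-in user.

    Every rejection is reported as a JSON string with HTTP status 500.

    Args:
        title: Headline; must be longer than 8 characters.
        content: Markdown body; must be longer than 20 characters.
        pid: Id of the proposal to edit; falsy to create a new one.
        funds_target: Funding goal (create path only); a finite number >= 1.
        addr_receiving: Receiving address; exactly 95 characters on creation.
        category: Optional key from ``settings.FUNDING_CATEGORIES``.
        status: Key from ``settings.FUNDING_STATUSES``; non-admins may only
            pass 1.

    Returns:
        A Flask response: ``{'url': ...}`` on success, otherwise an error
        string with status 500.
    """
    import math

    import markdown2

    if current_user.is_anonymous:
        return make_response(jsonify('err'), 500)

    if not title or len(title) <= 8:
        return make_response(jsonify('title too short'), 500)

    if not content or len(content) <= 20:
        return make_response(jsonify('content too short'), 500)

    if category and category not in settings.FUNDING_CATEGORIES:
        return make_response(jsonify('unknown category'), 500)

    # The original built this response but never returned it, so an unknown
    # status passed validation and was later written to the proposal.
    if status not in settings.FUNDING_STATUSES:
        return make_response(jsonify('unknown status'), 500)

    if status != 1 and not current_user.admin:
        return make_response(jsonify('no rights to change status'), 500)

    try:
        from funding.bin.anti_xss import such_xss
        content_escaped = such_xss(content)
        html = markdown2.markdown(content_escaped, safe_mode=True)
    except Exception:
        return make_response(jsonify('markdown error'), 500)

    if pid:
        p = Proposal.find_by_id(pid=pid)
        if not p:
            return make_response(jsonify('proposal not found'), 500)

        # Only the proposal's owner or an admin may edit it.
        if p.user.id != current_user.id and not current_user.admin:
            return make_response(jsonify('no rights to edit this proposal'), 500)

        p.headline = title
        # NOTE(review): ``content`` is stored unescaped; only ``html`` went
        # through such_xss/markdown2. Anything rendering ``p.content`` must
        # escape it.
        p.content = content
        p.html = html
        # NOTE(review): the 95-character length check on the create path is
        # not applied here - confirm whether edits should enforce it too.
        if addr_receiving:
            p.addr_receiving = addr_receiving
        if category:
            p.category = category

        if current_user.admin:
            # detect if an admin moved a proposal to a new status and auto-comment
            if p.status != status:
                msg = "Moved to status \"%s\"." % settings.FUNDING_STATUSES[status].capitalize()
                try:
                    Comment.add_comment(user_id=current_user.id, message=msg, pid=pid, automated=True)
                except Exception:
                    # Best effort: a failed auto-comment must not block the edit.
                    pass
            # Status is written for admins only. The original assigned it for
            # every editor, so an owner submitting status 1 could overwrite a
            # status an admin had set.
            p.status = status
        p.last_edited = datetime.now()
    else:
        try:
            funds_target = float(funds_target)
        except Exception:
            return make_response(jsonify('letters detected'), 500)
        # float() accepts "nan" and "inf", and NaN passes the "< 1" test
        # below, so non-finite targets are rejected explicitly.
        if not math.isfinite(funds_target):
            return make_response(jsonify('letters detected'), 500)
        if funds_target < 1:
            return make_response(jsonify('Proposal asking less than 1 error :)'), 500)
        if not addr_receiving or len(addr_receiving) != 95:
            return make_response(jsonify('Faulty address, should be of length 95'), 500)

        p = Proposal(headline=title, content=content, category='misc', user=current_user)
        # NOTE(review): the user object, not a proposal id, is what gets
        # passed to generate_proposal_subaccount - confirm this is intended.
        proposalID = current_user
        addr_donation = Proposal.generate_proposal_subaccount(proposalID)
        p.addr_donation = addr_donation
        p.html = html
        p.last_edited = datetime.now()
        p.funds_target = funds_target
        p.addr_receiving = addr_receiving
        p.category = category
        p.status = status
        db_session.add(p)

    db_session.commit()
    db_session.flush()

    # reset cached statistics
    from funding.bin.utils import Summary
    Summary.fetch_stats(purge=True)

    return make_response(jsonify({'url': url_for('proposal', pid=p.id)}))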