def _is_ratelimited(request): """Ratelimiting helper for kbforum threads and replies. They are ratelimited together with the same key. """ return ( is_ratelimited(request, increment=True, rate='4/m', ip=False, keys=user_or_ip('kbforum-post-min')) or is_ratelimited(request, increment=True, rate='50/d', ip=False, keys=user_or_ip('kbforum-post-day')))
def new_message(request, template): """Send a new private message.""" to = request.GET.get('to') if to: try: User.objects.get(username=to) except User.DoesNotExist: contrib_messages.add_message( request, contrib_messages.ERROR, _('Invalid username provided. Enter a new username below.')) return HttpResponseRedirect(reverse('messages.new')) form = MessageForm(request.POST or None, initial={'to': to}) if (request.method == 'POST' and form.is_valid() and not is_ratelimited(request, increment=True, rate='50/d', ip=False, keys=user_or_ip('private-message-day'))): send_message(form.cleaned_data['to'], form.cleaned_data['message'], request.user) if form.cleaned_data['in_reply_to']: irt = form.cleaned_data['in_reply_to'] try: m = InboxMessage.objects.get(pk=irt, to=request.user) m.update(replied=True) except InboxMessage.DoesNotExist: pass contrib_messages.add_message(request, contrib_messages.SUCCESS, _('Your message was sent!')) return HttpResponseRedirect(reverse('messages.inbox')) return render(request, template, {'form': form})
def new_message(request, template): """Send a new private message.""" to = request.GET.get("to") if to: try: User.objects.get(username=to) except User.DoesNotExist: contrib_messages.add_message( request, contrib_messages.ERROR, _("Invalid username provided. Enter a new username below.") ) return HttpResponseRedirect(reverse("messages.new")) form = MessageForm(request.POST or None, initial={"to": to}) if ( request.method == "POST" and form.is_valid() and not is_ratelimited(request, increment=True, rate="50/d", ip=False, keys=user_or_ip("private-message-day")) ): send_message(form.cleaned_data["to"], form.cleaned_data["message"], request.user) if form.cleaned_data["in_reply_to"]: irt = form.cleaned_data["in_reply_to"] try: m = InboxMessage.objects.get(pk=irt, to=request.user) m.update(replied=True) except InboxMessage.DoesNotExist: pass contrib_messages.add_message(request, contrib_messages.SUCCESS, _("Your message was sent!")) return HttpResponseRedirect(reverse("messages.inbox")) return render(request, template, {"form": form})
def new_message(request, template): """Send a new private message.""" to = request.GET.get('to') if to: try: User.objects.get(username=to) except User.DoesNotExist: contrib_messages.add_message( request, contrib_messages.ERROR, _('Invalid username provided. Enter a new username below.')) return HttpResponseRedirect(reverse('messages.new')) form = MessageForm(request.POST or None, initial={'to': to}) if (request.method == 'POST' and form.is_valid() and not is_ratelimited(request, increment=True, rate='50/d', ip=False, keys=user_or_ip('private-message-day'))): send_message(form.cleaned_data['to'], form.cleaned_data['message'], request.user) if form.cleaned_data['in_reply_to']: irt = form.cleaned_data['in_reply_to'] try: m = InboxMessage.objects.get(pk=irt, to=request.user) m.update(replied=True) except InboxMessage.DoesNotExist: pass contrib_messages.add_message(request, contrib_messages.SUCCESS, _('Your message was sent!')) return HttpResponseRedirect(reverse('messages.inbox')) return render(request, template, {'form': form})
def new_thread(request, forum_slug): """Start a new thread.""" forum = get_object_or_404(Forum, slug=forum_slug) user = request.user if not forum.allows_posting_by(user): if forum.allows_viewing_by(user): raise PermissionDenied else: raise Http404 if request.method == 'GET': form = NewThreadForm() return render(request, 'forums/new_thread.html', { 'form': form, 'forum': forum }) form = NewThreadForm(request.POST) post_preview = None if form.is_valid(): if 'preview' in request.POST: thread = Thread(creator=request.user, title=form.cleaned_data['title']) post_preview = Post(thread=thread, author=request.user, content=form.cleaned_data['content']) post_preview.author_post_count = \ post_preview.author.post_set.count() elif (_skip_post_ratelimit(request) or not is_ratelimited(request, increment=True, rate='5/d', ip=False, keys=user_or_ip('forum-post'))): thread = forum.thread_set.create(creator=request.user, title=form.cleaned_data['title']) thread.save() statsd.incr('forums.thread') post = thread.new_post(author=request.user, content=form.cleaned_data['content']) post.save() NewThreadEvent(post).fire(exclude=post.author) # Add notification automatically if needed. if Setting.get_for_user(request.user, 'forums_watch_new_thread'): NewPostEvent.notify(request.user, thread) url = reverse('forums.posts', args=[forum_slug, thread.id]) return HttpResponseRedirect(urlparams(url, last=post.id)) return render(request, 'forums/new_thread.html', { 'form': form, 'forum': forum, 'post_preview': post_preview })
def new_thread(request, forum_slug): """Start a new thread.""" forum = get_object_or_404(Forum, slug=forum_slug) user = request.user if not forum.allows_posting_by(user): if forum.allows_viewing_by(user): raise PermissionDenied else: raise Http404 if request.method == 'GET': form = NewThreadForm() return render(request, 'forums/new_thread.html', { 'form': form, 'forum': forum}) form = NewThreadForm(request.POST) post_preview = None if form.is_valid(): if 'preview' in request.POST: thread = Thread(creator=request.user, title=form.cleaned_data['title']) post_preview = Post(thread=thread, author=request.user, content=form.cleaned_data['content']) post_preview.author_post_count = \ post_preview.author.post_set.count() elif (_skip_post_ratelimit(request) or not is_ratelimited(request, increment=True, rate='5/d', ip=False, keys=user_or_ip('forum-post'))): thread = forum.thread_set.create(creator=request.user, title=form.cleaned_data['title']) thread.save() statsd.incr('forums.thread') post = thread.new_post(author=request.user, content=form.cleaned_data['content']) post.save() NewThreadEvent(post).fire(exclude=post.author) # Add notification automatically if needed. if Setting.get_for_user(request.user, 'forums_watch_new_thread'): NewPostEvent.notify(request.user, thread) url = reverse('forums.posts', args=[forum_slug, thread.id]) return HttpResponseRedirect(urlparams(url, last=post.id)) return render(request, 'forums/new_thread.html', { 'form': form, 'forum': forum, 'post_preview': post_preview})
def reply(request, forum_slug, thread_id): """Reply to a thread.""" forum = get_object_or_404(Forum, slug=forum_slug) user = request.user if not forum.allows_posting_by(user): if forum.allows_viewing_by(user): raise PermissionDenied else: raise Http404 form = ReplyForm(request.POST) post_preview = None if form.is_valid(): thread = get_object_or_404(Thread, pk=thread_id, forum=forum) if not thread.is_locked: reply_ = form.save(commit=False) reply_.thread = thread reply_.author = request.user if 'preview' in request.POST: post_preview = reply_ post_preview.author_post_count = \ reply_.author.post_set.count() elif (_skip_post_ratelimit(request) or not is_ratelimited(request, increment=True, rate='15/d', ip=False, keys=user_or_ip('forum-post'))): reply_.save() statsd.incr('forums.reply') # Subscribe the user to the thread. if Setting.get_for_user(request.user, 'forums_watch_after_reply'): NewPostEvent.notify(request.user, thread) # Send notifications to thread/forum watchers. NewPostEvent(reply_).fire(exclude=reply_.author) return HttpResponseRedirect(thread.get_last_post_url()) return posts(request, forum_slug, thread_id, form, post_preview, is_reply=True)
def reply(request, forum_slug, thread_id): """Reply to a thread.""" forum = get_object_or_404(Forum, slug=forum_slug) user = request.user if not forum.allows_posting_by(user): if forum.allows_viewing_by(user): raise PermissionDenied else: raise Http404 form = ReplyForm(request.POST) post_preview = None if form.is_valid(): thread = get_object_or_404(Thread, pk=thread_id, forum=forum) if not thread.is_locked: reply_ = form.save(commit=False) reply_.thread = thread reply_.author = request.user if 'preview' in request.POST: post_preview = reply_ post_preview.author_post_count = \ reply_.author.post_set.count() elif (_skip_post_ratelimit(request) or not is_ratelimited(request, increment=True, rate='5/d', ip=False, keys=user_or_ip('forum-post'))): reply_.save() statsd.incr('forums.reply') # Subscribe the user to the thread. if Setting.get_for_user(request.user, 'forums_watch_after_reply'): NewPostEvent.notify(request.user, thread) # Send notifications to thread/forum watchers. NewPostEvent(reply_).fire(exclude=reply_.author) return HttpResponseRedirect(thread.get_last_post_url()) return posts(request, forum_slug, thread_id, form, post_preview, is_reply=True)
document = get_object_or_404(Document, **kwargs) data = json.dumps({ 'id': document.id, 'locale': document.locale, 'slug': document.slug, 'title': document.title, 'summary': document.current_revision.summary, 'url': document.get_absolute_url(), }) return HttpResponse(data, mimetype='application/json') @require_POST @csrf_exempt @ratelimit(keys=user_or_ip('document-vote'), ip=False, rate='10/d') def helpful_vote(request, document_slug): """Vote for Helpful/Not Helpful document""" if 'revision_id' not in request.POST: return HttpResponseBadRequest() revision = get_object_or_404( Revision, id=smart_int(request.POST['revision_id'])) survey = None if revision.document.category == TEMPLATES_CATEGORY: return HttpResponseBadRequest() if not revision.has_voted(request): ua = request.META.get('HTTP_USER_AGENT', '')[:1000] # 1000 max_length vote = HelpfulVote(revision=revision, user_agent=ua)
document = get_object_or_404(Document, **kwargs) data = json.dumps({ 'id': document.id, 'locale': document.locale, 'slug': document.slug, 'title': document.title, 'summary': document.current_revision.summary, 'url': document.get_absolute_url(), }) return HttpResponse(data, mimetype='application/json') @require_POST @csrf_exempt @ratelimit(keys=user_or_ip('document-vote'), ip=False, rate='10/d') def helpful_vote(request, document_slug): """Vote for Helpful/Not Helpful document""" if 'revision_id' not in request.POST: return HttpResponseBadRequest() revision = get_object_or_404(Revision, id=smart_int(request.POST['revision_id'])) survey = None if revision.document.category == TEMPLATES_CATEGORY: return HttpResponseBadRequest() if not revision.has_voted(request): ua = request.META.get('HTTP_USER_AGENT', '')[:1000] # 1000 max_length vote = HelpfulVote(revision=revision, user_agent=ua)