def post(self, request, *args, **kwargs): self.object = self.get_object() page = self.get_comment_page() if self.is_comment_locked(): return HttpResponseForbidden() parent = request.POST.get('parent') if parent: if len(parent) > 10: return HttpResponseBadRequest() try: parent = int(parent) except ValueError: return HttpResponseNotFound() else: if not Comment.objects.filter( hidden=False, id=parent, page=page).exists(): return HttpResponseNotFound() form = CommentForm(request, request.POST) if form.is_valid(): comment = form.save(commit=False) comment.author = request.profile comment.page = page with LockModel(write=(Comment, Revision, Version), read=(ContentType, )), revisions.create_revision(): revisions.set_user(request.user) revisions.set_comment(_('Posted comment')) comment.save() return HttpResponseRedirect(request.path) context = self.get_context_data(object=self.object, comment_form=form) return self.render_to_response(context)
def changelist_view(self, request, extra_context=None): self.__save_model_calls = 0 with NavigationBar.objects.disable_mptt_updates(): result = super(NavigationBarAdmin, self).changelist_view(request, extra_context) if self.__save_model_calls: with LockModel(write=(NavigationBar,)): NavigationBar.objects.rebuild() return result
def vote_comment(request, delta): if abs(delta) != 1: return HttpResponseBadRequest(_('Messing around, are we?'), content_type='text/plain') if request.method != 'POST': return HttpResponseForbidden() if 'id' not in request.POST or len(request.POST['id']) > 10: return HttpResponseBadRequest() if not request.user.is_staff and not request.profile.has_any_solves: return HttpResponseBadRequest( _('You must solve at least one problem before you can vote.'), content_type='text/plain') if request.profile.mute: return HttpResponseBadRequest(_('Your part is silent, little toad.'), content_type='text/plain') try: comment_id = int(request.POST['id']) except ValueError: return HttpResponseBadRequest() else: if not Comment.objects.filter(id=comment_id, hidden=False).exists(): return HttpResponseNotFound(_('Comment not found.'), content_type='text/plain') vote = CommentVote() vote.comment_id = comment_id vote.voter = request.profile vote.score = delta while True: try: vote.save() except IntegrityError: with LockModel(write=(CommentVote, )): try: vote = CommentVote.objects.get(comment_id=comment_id, voter=request.profile) except CommentVote.DoesNotExist: # We must continue racing in case this is exploited to manipulate votes. continue if -vote.score != delta: return HttpResponseBadRequest(_('You already voted.'), content_type='text/plain') vote.delete() Comment.objects.filter(id=comment_id).update(score=F('score') - vote.score) else: Comment.objects.filter(id=comment_id).update(score=F('score') + delta) break return HttpResponse('success', content_type='text/plain')
def vote_comment(request, delta): if abs(delta) != 1: return HttpResponseBadRequest(_('Messing around, are we?'), content_type='text/plain') if request.method != 'POST': return HttpResponseForbidden() if 'id' not in request.POST: return HttpResponseBadRequest() try: comment_id = int(request.POST['id']) except ValueError: return HttpResponseBadRequest() else: if not Comment.objects.filter(id=comment_id).exists(): raise Http404() vote = CommentVote() vote.comment_id = comment_id vote.voter = request.user.profile vote.score = delta while True: try: vote.save() except IntegrityError: with LockModel(write=(CommentVote, )): try: vote = CommentVote.objects.get(comment_id=comment_id, voter=request.user.profile) except CommentVote.DoesNotExist: # We must continue racing in case this is exploited to manipulate votes. continue if -vote.score != delta: return HttpResponseBadRequest(_('You already voted.'), content_type='text/plain') vote.delete() Comment.objects.filter(id=comment_id).update(score=F('score') - vote.score) else: Comment.objects.filter(id=comment_id).update(score=F('score') + delta) break return HttpResponse('success', content_type='text/plain')
def post(self, request, *args, **kwargs): self.object = self.get_object() page = self.get_comment_page() with LockModel(write=(Comment, Revision, Version), read=(Profile, ContentType, Submission, Problem)): form = CommentForm(request, request.POST) if form.is_valid(): comment = form.save(commit=False) comment.author = request.user.profile comment.page = page with revisions.create_revision(): revisions.set_user(request.user) revisions.set_comment(_('Posted comment')) comment.save() return HttpResponseRedirect(request.path) context = self.get_context_data(object=self.object, comment_form=form) return self.render_to_response(context)