def vote_comment(request, delta):
if abs(delta) != 1:
return HttpResponseBadRequest(_('Messing around, are we?'),
content_type='text/plain')
if request.method != 'POST':
return HttpResponseForbidden()
if 'id' not in request.POST or len(request.POST['id']) > 10:
return HttpResponseBadRequest()
if not request.user.is_staff and not request.profile.has_any_solves:
return HttpResponseBadRequest(
_('You must solve at least one problem before you can vote.'),
content_type='text/plain')
if request.profile.mute:
return HttpResponseBadRequest(_('Your part is silent, little toad.'),
content_type='text/plain')
try:
comment_id = int(request.POST['id'])
except ValueError:
return HttpResponseBadRequest()
else:
if not Comment.objects.filter(id=comment_id, hidden=False).exists():
return HttpResponseNotFound(_('Comment not found.'),
content_type='text/plain')
vote = CommentVote()
vote.comment_id = comment_id
vote.voter = request.profile
vote.score = delta
while True:
try:
vote.save()
except IntegrityError:
with LockModel(write=(CommentVote, )):
try:
vote = CommentVote.objects.get(comment_id=comment_id,
voter=request.profile)
except CommentVote.DoesNotExist:
# We must continue racing in case this is exploited to manipulate votes.
continue
if -vote.score != delta:
return HttpResponseBadRequest(_('You already voted.'),
content_type='text/plain')
vote.delete()
Comment.objects.filter(id=comment_id).update(score=F('score') -
vote.score)
else:
Comment.objects.filter(id=comment_id).update(score=F('score') +
delta)
break
return HttpResponse('success', content_type='text/plain')
def vote_comment(request, delta):
if abs(delta) != 1:
return HttpResponseBadRequest(_('Messing around, are we?'),
content_type='text/plain')
if request.method != 'POST':
return HttpResponseForbidden()
if 'id' not in request.POST:
return HttpResponseBadRequest()
try:
comment_id = int(request.POST['id'])
except ValueError:
return HttpResponseBadRequest()
else:
if not Comment.objects.filter(id=comment_id).exists():
raise Http404()
vote = CommentVote()
vote.comment_id = comment_id
vote.voter = request.user.profile
vote.score = delta
while True:
try:
vote.save()
except IntegrityError:
with LockModel(write=(CommentVote, )):
try:
vote = CommentVote.objects.get(comment_id=comment_id,
voter=request.user.profile)
except CommentVote.DoesNotExist:
# We must continue racing in case this is exploited to manipulate votes.
continue
if -vote.score != delta:
return HttpResponseBadRequest(_('You already voted.'),
content_type='text/plain')
vote.delete()
Comment.objects.filter(id=comment_id).update(score=F('score') -
vote.score)
else:
Comment.objects.filter(id=comment_id).update(score=F('score') +
delta)
break
return HttpResponse('success', content_type='text/plain')
def vote_comment(request, delta):
if abs(delta) != 1:
return HttpResponseBadRequest(_('Messing around, are we?'), content_type='text/plain')
if request.method != 'POST':
return HttpResponseForbidden()
if 'id' not in request.POST:
return HttpResponseBadRequest()
if not request.user.is_staff and not request.profile.submission_set.filter(points=F('problem__points')).exists():
return HttpResponseBadRequest(_('You must solve at least one problem before you can vote.'),
content_type='text/plain')
try:
comment_id = int(request.POST['id'])
except ValueError:
return HttpResponseBadRequest()
else:
if not Comment.objects.filter(id=comment_id).exists():
raise Http404()
vote = CommentVote()
vote.comment_id = comment_id
vote.voter = request.profile
vote.score = delta
while True:
try:
vote.save()
except IntegrityError:
with LockModel(write=(CommentVote,)):
try:
vote = CommentVote.objects.get(comment_id=comment_id, voter=request.profile)
except CommentVote.DoesNotExist:
# We must continue racing in case this is exploited to manipulate votes.
continue
if -vote.score != delta:
return HttpResponseBadRequest(_('You already voted.'), content_type='text/plain')
vote.delete()
Comment.objects.filter(id=comment_id).update(score=F('score') - vote.score)
else:
Comment.objects.filter(id=comment_id).update(score=F('score') + delta)
break
return HttpResponse('success', content_type='text/plain')