Buying will work... soon...

k4ever/api2/decorators.py

@@ -0,0 +1,23 @@
+from functools import wraps
+
+def changeUserOnPlugin(apiFunc):
+	""" Changes to a given user when the authenticated user is an plugin
+
+		When the user which called the apifunc is an plugin this function
+		goes through the following steps:
+		    - searches the user it should change to
+			- checks if this user allowed the plugin to "speak for him"
+			- change the request so it looks like the user called himself
+			- add an plugin_user entry containing the previous request user
+		This decorator is intended to be used with django piston, so on error
+		it will return the appropriate rc.* values.
+	"""
+	
+	@wraps(apiFunc)
+	def wrapper(self, request, *args, **kwargs):
+		return self.apiFunc(request, *args, **kwargs)
+	return wrapper
+	
+
+
+

k4ever/api2/handlers.py

@@ -2,12 +2,13 @@ from piston.handler import BaseHandler
 from piston.utils import rc
 from k4ever.buyable.models import *
 from k4ever.transaction.models import *
+from decorators import changeUserOnPlugin
 
 class BuyableItemHandler(BaseHandler):
 	allowed_methods = ('GET', 'POST')
 	#fields = ('id', 'description')
 	model = Buyable
-	exclude = ('_state',)
+	exclude = ('_*',)
 	
 	def read(self, request, itemId=None):
 		if itemId == None:
@@ -23,7 +24,7 @@ class BuyableItemHandler(BaseHandler):
 			error.write("This buyable does not exist in our database")
 			return error
 	
-	def getInt(d, key, default):
+	def getInt(self, d, key, default):
 		try:
 			return int(d.get(key, default))
 		except ValueError:
@@ -32,9 +33,9 @@ class BuyableItemHandler(BaseHandler):
 	def create(self, request, itemId=None):
 		if not itemId:
 			return rc.BAD_REQUEST
-		obj = None
+		item = None
 		try:
-			obj = Buyables.objects.get(id=itemId)
+			item = Buyable.objects.get(id=itemId)
 		except Buyable.DoesNotExist:
 			return rc.NOT_FOUND
 		
@@ -42,6 +43,25 @@ class BuyableItemHandler(BaseHandler):
 		data = request.POST
 		deposit = self.getInt(data, 'deposit', 0)
 		amount = self.getInt(data, 'amount', 1)
+		if amount < 1:
+			return rc.BAD_REQUEST
+		if item.hasDeposit() and deposit > 0:
+			return rc.BAD_REQUEST # this is just the user being plain stupid
+		order = Order()
+		order.create(request.user)
+		try:
+			order.save()
+		except Exception, e:
+			return str(e)
+		return rc.ALL_OK
+		for i in range(amount):
+			p = Purchase.create(order, item, isDeposit=False)
+			p.save()
+			if deposit > 0:
+				p = Purchase.create(order, item, isDeposit=True)
+				p.save()
+		order.updatePrice(commit=True)
+		order.save()
 				
 		return rc.ALL_OK
 

k4ever/api2/urls.py

@@ -21,8 +21,8 @@ buyableTypeRes    = CsrfExemptResource(handler=BuyableTypeHandler,     **ad)
 transactionTransactRes = CsrfExemptResource(handler=TransactionTransactHandler, **ad)
 transactionTypeRes     = CsrfExemptResource(handler=TransactionTypeHandler, **ad)
 
-authBlobRes = Resource(handler=AuthBlobHandler, **ad)
+authBlobRes = CsrfExemptResource(handler=AuthBlobHandler, **ad)
-configRes   = Resource(handler=ConfigHandler, **ad)
+configRes   = CsrfExemptResource(handler=ConfigHandler, **ad)
 
 
 urlpatterns = patterns('',

k4ever/settings.py

@@ -5,6 +5,7 @@ import ldap
 DEBUG = True
 TEMPLATE_DEBUG = DEBUG
 PISTON_DISPLAY_ERRORS = DEBUG
+DEBUG_PROPOGATE_EXCEPTIONS = True
 
 ADMINS = (
     # ('Your Name', 'your_email@domain.com'),