added rate limites to listing

bookshare/trades/views.py

@@ -18,7 +18,7 @@ import requests
 from PIL import Image
 from braces.views import LoginRequiredMixin
 from braces.views import FormValidMessageMixin
-from ratelimit.mixins import RatelimitMixin
+from ratelimit.decorators import ratelimit
 # imports from your apps
 from .models import Listing, Bid, Flag, Rating
 from .forms import ListingForm, BidForm, FlagForm, SellListingForm,\
@@ -131,6 +131,11 @@ class CreateListing(LoginRequiredMixin, FormValidMessageMixin, CreateView):
         context['my_form'] = form
         return context
 
+    @ratelimit(key='user', rate='5/m', method='POST', block=True)
+    @ratelimit(key='user', rate='100/day', method='POST', block=True)
+    def post(self, request, *args, **kwargs):
+        return super(CreateListing, self).post(request, *args, **kwargs)
+
 
 # These next two views are tied together...
 class DetailListing(DetailView):
@@ -192,6 +197,9 @@ class ListingPage(LoginRequiredMixin, View):
         view = DetailListing.as_view()
         return view(request, *args, **kwargs)
 
+    @ratelimit(key='user', rate='5/m', method='POST', block=True)
+    # rate limit is higher for bids
+    @ratelimit(key='user', rate='200/d', method='POST', block=True)
     def post(self, request, *args, **kwargs):
         view = CreateBid.as_view()
         return view(request, *args, **kwargs)
@@ -248,6 +256,11 @@ class CreateFlag(LoginRequiredMixin, CreateView):
         context['my_form'] = form
         return context
 
+    # no daily limit because we want people to flag everything they need to
+    @ratelimit(key='user', rate='5/m', method='POST', block=True)
+    def post(self, request, *args, **kwargs):
+        return super(CreateFlag, self).post(request, *args, **kwargs)
+
 
 class DeleteFlag(LoginRequiredMixin, DeleteView):
     model = Flag
@@ -311,7 +324,7 @@ class EditListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
         return context
 
 
-class SellListing(LoginRequiredMixin, RatelimitMixin, FormValidMessageMixin, UpdateView):
+class SellListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
     model = Listing
     fields = ['email_message', 'winning_bid', ]
     template_suffix_name = '_sell'
@@ -319,11 +332,6 @@ class SellListing(LoginRequiredMixin, RatelimitMixin, FormValidMessageMixin, Upd
     template_name = 'listing_sell.html'
     login_url = 'login'
 
-    ratelimit_key = 'user'
-    ratelimit_rate = '1/d'
-    ratelimit_block = False
-    ratelimit_method = 'POST'
-
     form_valid_message = "Your email was successfully sent!"
 
     def form_valid(self, form):
@@ -383,6 +391,11 @@ class SellListing(LoginRequiredMixin, RatelimitMixin, FormValidMessageMixin, Upd
 
         return context
 
+    @ratelimit(key='user', rate='5/m', method='POST', block=True)
+    @ratelimit(key='user', rate='100/d', method='POST', block=True)
+    def post(self, request, *args, **kwargs):
+        return super(SellListing, self).post(request, *args, **kwargs)
+
 
 class UnSellListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
     model = Listing
@@ -442,6 +455,11 @@ class UnSellListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
         context['my_form'] = form
 
         return context
+ 
+    @ratelimit(key='user', rate='5/m', method='POST', block=True)
+    @ratelimit(key='user', rate='100/d', method='POST', block=True)
+    def post(self, request, *args, **kwargs):
+        return super(UnSellListing, self).post(request, *args, **kwargs)
 
 
 class CancelListing(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
@@ -550,6 +568,11 @@ class CreateRating(LoginRequiredMixin, CreateView):
         context['my_form'] = form
         return context
 
+    # no per-day limit because you can only rate listings you've been sold to
+    @ratelimit(key='user', rate='5/m', method='POST', block=True)
+    def post(self, request, *args, **kwargs):
+        return super(CreateRating, self).post(request, *args, **kwargs)
+
 
 class EditRating(LoginRequiredMixin, UpdateView):
     model = Rating