author | David Douard <david.douard@logilab.fr> |
Fri, 30 Nov 2012 21:19:36 +0100 | |
branch | stable |
changeset 8608 | 1a87ccdf12a3 |
parent 8605 | 797fc2e2fb78 |
child 8609 | 112a04c0473d |
permissions | -rw-r--r-- |
8162
d5b02af28125
[deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8128
diff
changeset
|
1 |
# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5389
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
0 | 18 |
"""Set of base controllers, which are directly plugged into the application |
19 |
object to handle publication. |
|
5626 | 20 |
""" |
0 | 21 |
|
22 |
__docformat__ = "restructuredtext en" |
|
6582
8eb7883b4223
[pylint] fix a bug of pylint detected errors and i18n pb (calling builtins._ instead of req._)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6545
diff
changeset
|
23 |
_ = unicode |
0 | 24 |
|
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
25 |
from warnings import warn |
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
26 |
|
7824
18ce47d4a17f
[jsoncontroller] deprecate the now unused js_set_cookie (closes #1944810)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
7609
diff
changeset
|
27 |
from logilab.common.deprecation import deprecated |
0 | 28 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5201
diff
changeset
|
29 |
from cubicweb import (NoSelectableObject, ObjectNotFound, ValidationError, |
8605
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
30 |
AuthenticationError, typed_eid, UndoTransactionException, |
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
31 |
Forbidden) |
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
32 |
from cubicweb.utils import json_dumps |
8190
2a3c1b787688
[vreg] move base registry implementation to logilab.common. Closes #1916014
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8162
diff
changeset
|
33 |
from cubicweb.predicates import (authenticated_user, anonymous_user, |
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
34 |
match_form_params) |
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
35 |
from cubicweb.web import Redirect, RemoteCallFailed |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
36 |
from cubicweb.web.controller import Controller, append_url_params |
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
37 |
from cubicweb.web.views import vid_from_rset |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
38 |
import cubicweb.transaction as tx |
1419 | 39 |
|
8162
d5b02af28125
[deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8128
diff
changeset
|
40 |
@deprecated('[3.15] jsonize is deprecated, use AjaxFunction appobjects instead') |
1419 | 41 |
def jsonize(func): |
5940
0e3ae19b181a
[uilib] refactor json_dumps code organization
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5869
diff
changeset
|
42 |
"""decorator to sets correct content_type and calls `json_dumps` on |
1419 | 43 |
results |
44 |
""" |
|
45 |
def wrapper(self, *args, **kwargs): |
|
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
46 |
self._cw.set_content_type('application/json') |
1635
866563e2d0fc
don't depends on simplejson outside web/
sylvain.thenault@logilab.fr
parents:
1560
diff
changeset
|
47 |
return json_dumps(func(self, *args, **kwargs)) |
1527
c8ca1782e252
controller fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1467
diff
changeset
|
48 |
wrapper.__name__ = func.__name__ |
1419 | 49 |
return wrapper |
50 |
||
8162
d5b02af28125
[deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8128
diff
changeset
|
51 |
@deprecated('[3.15] xhtmlize is deprecated, use AjaxFunction appobjects instead') |
1419 | 52 |
def xhtmlize(func): |
53 |
"""decorator to sets correct content_type and calls `xmlize` on results""" |
|
54 |
def wrapper(self, *args, **kwargs): |
|
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
55 |
self._cw.set_content_type(self._cw.html_content_type()) |
1419 | 56 |
result = func(self, *args, **kwargs) |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
57 |
return ''.join((self._cw.document_surrounding_div(), result.strip(), |
2559
46859078c866
[R xhtml] remove xhtml_wrap* function, use instead a single req.document_surrounding_div method
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2557
diff
changeset
|
58 |
u'</div>')) |
1527
c8ca1782e252
controller fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1467
diff
changeset
|
59 |
wrapper.__name__ = func.__name__ |
1419 | 60 |
return wrapper |
61 |
||
8162
d5b02af28125
[deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8128
diff
changeset
|
62 |
@deprecated('[3.15] check_pageid is deprecated, use AjaxFunction appobjects instead') |
1419 | 63 |
def check_pageid(func): |
64 |
"""decorator which checks the given pageid is found in the |
|
65 |
user's session data |
|
66 |
""" |
|
67 |
def wrapper(self, *args, **kwargs): |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5201
diff
changeset
|
68 |
data = self._cw.session.data.get(self._cw.pageid) |
1419 | 69 |
if data is None: |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
70 |
raise RemoteCallFailed(self._cw._('pageid-not-found')) |
1419 | 71 |
return func(self, *args, **kwargs) |
72 |
return wrapper |
|
73 |
||
74 |
||
0 | 75 |
class LoginController(Controller): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
76 |
__regid__ = 'login' |
5584
c1823448f81d
[web] disallow authenticated users to access to the login form (closes #914873)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5546
diff
changeset
|
77 |
__select__ = anonymous_user() |
0 | 78 |
|
79 |
def publish(self, rset=None): |
|
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2458
diff
changeset
|
80 |
"""log in the instance""" |
4072
ead446e70c28
some api update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4023
diff
changeset
|
81 |
if self._cw.vreg.config['auth-mode'] == 'http': |
0 | 82 |
# HTTP authentication |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5201
diff
changeset
|
83 |
raise AuthenticationError() |
0 | 84 |
else: |
85 |
# Cookie authentication |
|
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
86 |
return self.appli.need_login_content(self._cw) |
0 | 87 |
|
8311
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
88 |
class LoginControllerForAuthed(Controller): |
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
89 |
__regid__ = 'login' |
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
90 |
__select__ = ~anonymous_user() |
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
91 |
|
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
92 |
def publish(self, rset=None): |
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
93 |
"""log in the instance""" |
8487
017af22e7678
[web test] fix tests broken by 8de41063d629
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8485
diff
changeset
|
94 |
path = self._cw.form.get('postlogin_path', '') |
8485
8de41063d629
[web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8444
diff
changeset
|
95 |
# redirect expect an url, not a path. Also path may contains a query |
8de41063d629
[web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8444
diff
changeset
|
96 |
# string, hence should not be given to _cw.build_url() |
8de41063d629
[web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8444
diff
changeset
|
97 |
raise Redirect(self._cw.base_url() + path) |
8311
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8267
diff
changeset
|
98 |
|
1419 | 99 |
|
0 | 100 |
class LogoutController(Controller): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
101 |
__regid__ = 'logout' |
1419 | 102 |
|
0 | 103 |
def publish(self, rset=None): |
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2458
diff
changeset
|
104 |
"""logout from the instance""" |
4911
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
105 |
return self.appli.session_handler.logout(self._cw, self.goto_url()) |
0 | 106 |
|
4911
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
107 |
def goto_url(self): |
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
108 |
# * in http auth mode, url will be ignored |
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
109 |
# * in cookie mode redirecting to the index view is enough : either |
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
110 |
# anonymous connection is allowed and the page will be displayed or |
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
111 |
# we'll be redirected to the login form |
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
112 |
msg = self._cw._('you have been logged out') |
5200
2b454c6ab7ef
[web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5198
diff
changeset
|
113 |
# force base_url so on dual http/https configuration, we generate an url |
2b454c6ab7ef
[web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5198
diff
changeset
|
114 |
# on the http version of the site |
7432
cab99ccdb774
[ui messages, xss] Start migration towards use of _msgid instead of __message (prone to XSS injection) closes #1698245
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
7393
diff
changeset
|
115 |
return self._cw.build_url('view', vid='loggedout', |
5200
2b454c6ab7ef
[web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5198
diff
changeset
|
116 |
base_url=self._cw.vreg.config['base-url']) |
2b454c6ab7ef
[web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5198
diff
changeset
|
117 |
|
0 | 118 |
|
119 |
class ViewController(Controller): |
|
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
120 |
"""standard entry point : |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
121 |
- build result set |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
122 |
- select and call main template |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
123 |
""" |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
124 |
__regid__ = 'view' |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
125 |
template = 'main-template' |
1419 | 126 |
|
0 | 127 |
def publish(self, rset=None): |
128 |
"""publish a request, returning an encoded string""" |
|
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
129 |
view, rset = self._select_view_and_rset(rset) |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
130 |
self.add_to_breadcrumbs(view) |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
131 |
self.validate_cache(view) |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
132 |
template = self.appli.main_template_id(self._cw) |
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
133 |
return self._cw.vreg['views'].main_template(self._cw, template, |
6582
8eb7883b4223
[pylint] fix a bug of pylint detected errors and i18n pb (calling builtins._ instead of req._)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6545
diff
changeset
|
134 |
rset=rset, view=view) |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
135 |
|
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
136 |
def _select_view_and_rset(self, rset): |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
137 |
req = self._cw |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
138 |
if rset is None and not hasattr(req, '_rql_processed'): |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
139 |
req._rql_processed = True |
5244
5467674ad101
[web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5223
diff
changeset
|
140 |
if req.cnx: |
5715
2c3e83817a8e
[view] add a new entity_call method to entity view protocol, allowing some to work with not yet created entities. Also, start considering 'eid' form parameters where we only consider 'rql', so we can move on bloquing arbitrary rql inputs (more to do on this...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5658
diff
changeset
|
141 |
rset = self.process_rql() |
5244
5467674ad101
[web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5223
diff
changeset
|
142 |
else: |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5201
diff
changeset
|
143 |
rset = None |
3659 | 144 |
vid = req.form.get('vid') or vid_from_rset(req, rset, self._cw.vreg.schema) |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
145 |
try: |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
146 |
view = self._cw.vreg['views'].select(vid, req, rset=rset) |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
147 |
except ObjectNotFound: |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
148 |
self.warning("the view %s could not be found", vid) |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
149 |
req.set_message(req._("The view %s could not be found") % vid) |
3659 | 150 |
vid = vid_from_rset(req, rset, self._cw.vreg.schema) |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
151 |
view = self._cw.vreg['views'].select(vid, req, rset=rset) |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
152 |
except NoSelectableObject: |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
153 |
if rset: |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
154 |
req.set_message(req._("The view %s can not be applied to this query") % vid) |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
155 |
else: |
3144
a5deac822a13
Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2870
diff
changeset
|
156 |
req.set_message(req._("You have no access to this view or it can not " |
a5deac822a13
Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2870
diff
changeset
|
157 |
"be used to display the current data.")) |
3890
d7a270f50f54
backport stable branch (one more time painfully)
Sylvain Thénault <sylvain.thenault@logilab.fr>
diff
changeset
|
158 |
vid = req.form.get('fallbackvid') or vid_from_rset(req, rset, req.vreg.schema) |
d7a270f50f54
backport stable branch (one more time painfully)
Sylvain Thénault <sylvain.thenault@logilab.fr>
diff
changeset
|
159 |
view = req.vreg['views'].select(vid, req, rset=rset) |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
160 |
return view, rset |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
161 |
|
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
162 |
def add_to_breadcrumbs(self, view): |
6302
ca5d09ff0379
[book - #1251259] reorganize plan for basetemplate, talk about class attributes
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
6283
diff
changeset
|
163 |
# update breadcrumbs **before** validating cache, unless the view |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
164 |
# specifies explicitly it should not be added to breadcrumb or the |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
165 |
# view is a binary view |
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
166 |
if view.add_to_breadcrumbs and not view.binary: |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
167 |
self._cw.update_breadcrumbs() |
823
cb8ccbef8fa5
main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
808
diff
changeset
|
168 |
|
0 | 169 |
def execute_linkto(self, eid=None): |
170 |
"""XXX __linkto parameter may cause security issue |
|
171 |
||
172 |
defined here since custom application controller inheriting from this |
|
173 |
one use this method? |
|
174 |
""" |
|
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
175 |
req = self._cw |
0 | 176 |
if not '__linkto' in req.form: |
177 |
return |
|
178 |
if eid is None: |
|
179 |
eid = typed_eid(req.form['eid']) |
|
180 |
for linkto in req.list_form_param('__linkto', pop=True): |
|
181 |
rtype, eids, target = linkto.split(':') |
|
182 |
assert target in ('subject', 'object') |
|
183 |
eids = eids.split('_') |
|
184 |
if target == 'subject': |
|
185 |
rql = 'SET X %s Y WHERE X eid %%(x)s, Y eid %%(y)s' % rtype |
|
186 |
else: |
|
187 |
rql = 'SET Y %s X WHERE X eid %%(x)s, Y eid %%(y)s' % rtype |
|
188 |
for teid in eids: |
|
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5159
diff
changeset
|
189 |
req.execute(rql, {'x': eid, 'y': typed_eid(teid)}) |
0 | 190 |
|
191 |
||
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
192 |
def _validation_error(req, ex): |
2293 | 193 |
req.cnx.rollback() |
4719
aaed3f813ef8
kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4638
diff
changeset
|
194 |
# XXX necessary to remove existant validation error? |
aaed3f813ef8
kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4638
diff
changeset
|
195 |
# imo (syt), it's not necessary |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5201
diff
changeset
|
196 |
req.session.data.pop(req.form.get('__errorurl'), None) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
197 |
foreid = ex.entity |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
198 |
eidmap = req.data.get('eidmap', {}) |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
199 |
for var, eid in eidmap.items(): |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
200 |
if foreid == eid: |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
201 |
foreid = var |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
202 |
break |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
203 |
return (foreid, ex.errors) |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
204 |
|
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
205 |
|
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
206 |
def _validate_form(req, vreg): |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
207 |
# XXX should use the `RemoteCallFailed` mechanism |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
208 |
try: |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2559
diff
changeset
|
209 |
ctrl = vreg['controllers'].select('edit', req=req) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
210 |
except NoSelectableObject: |
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
211 |
return (False, {None: req._('not authorized')}, None) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
212 |
try: |
2255
c346af0727ca
more generic way to detect json requests (not yet perfect though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2240
diff
changeset
|
213 |
ctrl.publish(None) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
214 |
except ValidationError, ex: |
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
215 |
return (False, _validation_error(req, ex), ctrl._edited_entity) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
216 |
except Redirect, ex: |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
217 |
try: |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
218 |
txuuid = req.cnx.commit() # ValidationError may be raised on commit |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
219 |
except ValidationError, ex: |
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
220 |
return (False, _validation_error(req, ex), ctrl._edited_entity) |
3571
54743fc6172c
[json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3518
diff
changeset
|
221 |
except Exception, ex: |
54743fc6172c
[json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3518
diff
changeset
|
222 |
req.cnx.rollback() |
54743fc6172c
[json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3518
diff
changeset
|
223 |
req.exception('unexpected error while validating form') |
6107
05061eda1fa7
[web controller]Â don't try to translate arbitrary exception message
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5940
diff
changeset
|
224 |
return (False, str(ex).decode('utf-8'), ctrl._edited_entity) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
225 |
else: |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
226 |
if txuuid is not None: |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
227 |
req.data['last_undoable_transaction'] = txuuid |
3608
5a46e68c3d3c
[editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3599
diff
changeset
|
228 |
# complete entity: it can be used in js callbacks where we might |
5a46e68c3d3c
[editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3599
diff
changeset
|
229 |
# want every possible information |
5a46e68c3d3c
[editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3599
diff
changeset
|
230 |
if ctrl._edited_entity: |
5a46e68c3d3c
[editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3599
diff
changeset
|
231 |
ctrl._edited_entity.complete() |
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
232 |
return (True, ex.location, ctrl._edited_entity) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
233 |
except Exception, ex: |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
234 |
req.cnx.rollback() |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
235 |
req.exception('unexpected error while validating form') |
6107
05061eda1fa7
[web controller]Â don't try to translate arbitrary exception message
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5940
diff
changeset
|
236 |
return (False, str(ex).decode('utf-8'), ctrl._edited_entity) |
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
237 |
return (False, '???', None) |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
238 |
|
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
239 |
|
0 | 240 |
class FormValidatorController(Controller): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
241 |
__regid__ = 'validateform' |
0 | 242 |
|
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
243 |
def response(self, domid, status, args, entity): |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
244 |
callback = str(self._cw.form.get('__onsuccess', 'null')) |
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
245 |
errback = str(self._cw.form.get('__onfailure', 'null')) |
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
246 |
cbargs = str(self._cw.form.get('__cbargs', 'null')) |
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
247 |
self._cw.set_content_type('text/html') |
5556
9ab2b4c74baf
[entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5555
diff
changeset
|
248 |
jsargs = json_dumps((status, args, entity)) |
2557
200985d3258d
make it easy to change response of FormValidatorController
Florent <florent@secondweb.fr>
parents:
2555
diff
changeset
|
249 |
return """<script type="text/javascript"> |
3343
383b42263bb1
[validatecontroller] allow additional args to be passed to the js callback
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3327
diff
changeset
|
250 |
window.parent.handleFormValidationResponse('%s', %s, %s, %s, %s); |
383b42263bb1
[validatecontroller] allow additional args to be passed to the js callback
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3327
diff
changeset
|
251 |
</script>""" % (domid, callback, errback, jsargs, cbargs) |
2557
200985d3258d
make it easy to change response of FormValidatorController
Florent <florent@secondweb.fr>
parents:
2555
diff
changeset
|
252 |
|
0 | 253 |
def publish(self, rset=None): |
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
254 |
self._cw.ajax_request = True |
2240
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
255 |
# XXX unclear why we have a separated controller here vs |
ff84892900ac
factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2079
diff
changeset
|
256 |
# js_validate_form on the json controller |
3451
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
257 |
status, args, entity = _validate_form(self._cw, self._cw.vreg) |
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
258 |
domid = self._cw.form.get('__domid', 'entityForm').encode( |
6b46d73823f5
[api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3377
diff
changeset
|
259 |
self._cw.encoding) |
3232
eccb7380dc3b
[controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3144
diff
changeset
|
260 |
return self.response(domid, status, args, entity) |
0 | 261 |
|
6684
b8bd0ecced2e
minor cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6683
diff
changeset
|
262 |
|
0 | 263 |
class JSonController(Controller): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
264 |
__regid__ = 'json' |
0 | 265 |
|
266 |
def publish(self, rset=None): |
|
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
267 |
warn('[3.15] JSONController is deprecated, use AjaxController instead', |
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
268 |
DeprecationWarning) |
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
269 |
ajax_controller = self._cw.vreg['controllers'].select('ajax', self._cw, appli=self.appli) |
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
8116
diff
changeset
|
270 |
return ajax_controller.publish(rset) |
1419 | 271 |
|
603
18c6c31bbaf4
[controllers] a set_cookie method
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
581
diff
changeset
|
272 |
|
5366
5f116a4d8a54
[masmailing] cleanup: use authenticated_user selectors, define stuff on form instead of on selection when possible, other cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5200
diff
changeset
|
273 |
# XXX move to massmailing |
5556
9ab2b4c74baf
[entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5555
diff
changeset
|
274 |
class MailBugReportController(Controller): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
275 |
__regid__ = 'reportbug' |
4894
41c28ddca055
[cleanup selectors] use authenticated_user, check for form params instead of handling potential key error on missing params
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4741
diff
changeset
|
276 |
__select__ = match_form_params('description') |
0 | 277 |
|
278 |
def publish(self, rset=None): |
|
8084
e22c17e1710d
[email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8056
diff
changeset
|
279 |
req = self._cw |
8605
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
280 |
desc = req.form['description'] |
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
281 |
# The description is generated and signed by cubicweb itself, check |
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
282 |
# description's signature so we don't want to send spam here |
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
283 |
sign = req.form.get('__signature', '') |
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
284 |
if not (sign and req.vreg.config.check_text_sign(desc, sign)): |
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
285 |
raise Forbidden('Invalid content') |
8084
e22c17e1710d
[email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8056
diff
changeset
|
286 |
self.sendmail(req.vreg.config['submit-mail'], |
e22c17e1710d
[email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8056
diff
changeset
|
287 |
req._('%s error report') % req.vreg.config.appid, |
8605
797fc2e2fb78
[web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents:
8487
diff
changeset
|
288 |
desc) |
8084
e22c17e1710d
[email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8056
diff
changeset
|
289 |
raise Redirect(req.build_url(__message=req._('bug report sent'))) |
1419 | 290 |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
291 |
|
5556
9ab2b4c74baf
[entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5555
diff
changeset
|
292 |
class UndoController(Controller): |
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
293 |
__regid__ = 'undo' |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
294 |
__select__ = authenticated_user() & match_form_params('txuuid') |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
295 |
|
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
296 |
def publish(self, rset=None): |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
297 |
txuuid = self._cw.form['txuuid'] |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
298 |
try: |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
299 |
self._cw.cnx.undo_transaction(txuuid) |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
300 |
except UndoTransactionException, exc: |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
301 |
errors = exc.errors |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
302 |
#This will cause a rollback in main_publish |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
303 |
raise ValidationError(None, {None: '\n'.join(errors)}) |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
304 |
else : |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
305 |
self.redirect() # Will raise Redirect |
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
306 |
|
7557
a397305f3976
[controller] UndoController: fix output method (closes: #1776091)
Julien Jehannet <julien.jehannet@logilab.fr>
parents:
7528
diff
changeset
|
307 |
def redirect(self, msg=None): |
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4894
diff
changeset
|
308 |
req = self._cw |
7557
a397305f3976
[controller] UndoController: fix output method (closes: #1776091)
Julien Jehannet <julien.jehannet@logilab.fr>
parents:
7528
diff
changeset
|
309 |
msg = msg or req._("transaction undone") |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
310 |
self._return_to_lastpage( dict(_cwmsgid= req.set_redirect_message(msg)) ) |
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
311 |