web/views/basecontrollers.py
author David Douard <david.douard@logilab.fr>
Fri, 30 Nov 2012 21:19:36 +0100
branchstable
changeset 8608 1a87ccdf12a3
parent 8605 797fc2e2fb78
child 8609 112a04c0473d
permissions -rw-r--r--
Added tag cubicweb-debian-version-3.15.6-1 for changeset b05e156b8fe7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
     1
# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     2
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     3
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     4
# This file is part of CubicWeb.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     5
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     6
# CubicWeb is free software: you can redistribute it and/or modify it under the
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     7
# terms of the GNU Lesser General Public License as published by the Free
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     8
# Software Foundation, either version 2.1 of the License, or (at your option)
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     9
# any later version.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    10
#
5424
8ecbcbff9777 replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5421
diff changeset
    11
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    12
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    13
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    14
# details.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    15
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    16
# You should have received a copy of the GNU Lesser General Public License along
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    17
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    18
"""Set of base controllers, which are directly plugged into the application
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    19
object to handle publication.
5626
c80e8aa1935e cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5584
diff changeset
    20
"""
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    21
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    22
__docformat__ = "restructuredtext en"
6582
8eb7883b4223 [pylint] fix a bug of pylint detected errors and i18n pb (calling builtins._ instead of req._)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6545
diff changeset
    23
_ = unicode
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    24
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    25
from warnings import warn
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    26
7824
18ce47d4a17f [jsoncontroller] deprecate the now unused js_set_cookie (closes #1944810)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 7609
diff changeset
    27
from logilab.common.deprecation import deprecated
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    28
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
    29
from cubicweb import (NoSelectableObject, ObjectNotFound, ValidationError,
8605
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
    30
                      AuthenticationError, typed_eid, UndoTransactionException,
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
    31
                      Forbidden)
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    32
from cubicweb.utils import json_dumps
8190
2a3c1b787688 [vreg] move base registry implementation to logilab.common. Closes #1916014
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8162
diff changeset
    33
from cubicweb.predicates import (authenticated_user, anonymous_user,
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    34
                                match_form_params)
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    35
from cubicweb.web import Redirect, RemoteCallFailed
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
    36
from cubicweb.web.controller import Controller, append_url_params
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    37
from cubicweb.web.views import vid_from_rset
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
    38
import cubicweb.transaction as tx
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    39
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
    40
@deprecated('[3.15] jsonize is deprecated, use AjaxFunction appobjects instead')
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    41
def jsonize(func):
5940
0e3ae19b181a [uilib] refactor json_dumps code organization
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5869
diff changeset
    42
    """decorator to sets correct content_type and calls `json_dumps` on
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    43
    results
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    44
    """
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    45
    def wrapper(self, *args, **kwargs):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    46
        self._cw.set_content_type('application/json')
1635
866563e2d0fc don't depends on simplejson outside web/
sylvain.thenault@logilab.fr
parents: 1560
diff changeset
    47
        return json_dumps(func(self, *args, **kwargs))
1527
c8ca1782e252 controller fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 1467
diff changeset
    48
    wrapper.__name__ = func.__name__
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    49
    return wrapper
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    50
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
    51
@deprecated('[3.15] xhtmlize is deprecated, use AjaxFunction appobjects instead')
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    52
def xhtmlize(func):
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    53
    """decorator to sets correct content_type and calls `xmlize` on results"""
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    54
    def wrapper(self, *args, **kwargs):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    55
        self._cw.set_content_type(self._cw.html_content_type())
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    56
        result = func(self, *args, **kwargs)
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    57
        return ''.join((self._cw.document_surrounding_div(), result.strip(),
2559
46859078c866 [R xhtml] remove xhtml_wrap* function, use instead a single req.document_surrounding_div method
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2557
diff changeset
    58
                        u'</div>'))
1527
c8ca1782e252 controller fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 1467
diff changeset
    59
    wrapper.__name__ = func.__name__
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    60
    return wrapper
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    61
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
    62
@deprecated('[3.15] check_pageid is deprecated, use AjaxFunction appobjects instead')
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    63
def check_pageid(func):
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    64
    """decorator which checks the given pageid is found in the
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    65
    user's session data
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    66
    """
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    67
    def wrapper(self, *args, **kwargs):
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
    68
        data = self._cw.session.data.get(self._cw.pageid)
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    69
        if data is None:
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    70
            raise RemoteCallFailed(self._cw._('pageid-not-found'))
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    71
        return func(self, *args, **kwargs)
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    72
    return wrapper
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    73
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    74
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    75
class LoginController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
    76
    __regid__ = 'login'
5584
c1823448f81d [web] disallow authenticated users to access to the login form (closes #914873)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5546
diff changeset
    77
    __select__ = anonymous_user()
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    78
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    79
    def publish(self, rset=None):
2476
1294a6bdf3bf application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2458
diff changeset
    80
        """log in the instance"""
4072
ead446e70c28 some api update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4023
diff changeset
    81
        if self._cw.vreg.config['auth-mode'] == 'http':
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    82
            # HTTP authentication
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
    83
            raise AuthenticationError()
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    84
        else:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    85
            # Cookie authentication
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    86
            return self.appli.need_login_content(self._cw)
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    87
8311
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    88
class LoginControllerForAuthed(Controller):
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    89
    __regid__ = 'login'
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    90
    __select__ = ~anonymous_user()
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    91
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    92
    def publish(self, rset=None):
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    93
        """log in the instance"""
8487
017af22e7678 [web test] fix tests broken by 8de41063d629
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8485
diff changeset
    94
        path = self._cw.form.get('postlogin_path', '')
8485
8de41063d629 [web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8444
diff changeset
    95
        # redirect expect an url, not a path. Also path may contains a query
8de41063d629 [web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8444
diff changeset
    96
        # string, hence should not be given to _cw.build_url()
8de41063d629 [web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8444
diff changeset
    97
        raise Redirect(self._cw.base_url() + path)
8311
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    98
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    99
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   100
class LogoutController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   101
    __regid__ = 'logout'
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   102
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   103
    def publish(self, rset=None):
2476
1294a6bdf3bf application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2458
diff changeset
   104
        """logout from the instance"""
4911
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   105
        return self.appli.session_handler.logout(self._cw, self.goto_url())
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   106
4911
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   107
    def goto_url(self):
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   108
        # * in http auth mode, url will be ignored
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   109
        # * in cookie mode redirecting to the index view is enough : either
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   110
        #   anonymous connection is allowed and the page will be displayed or
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   111
        #   we'll be redirected to the login form
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   112
        msg = self._cw._('you have been logged out')
5200
2b454c6ab7ef [web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5198
diff changeset
   113
        # force base_url so on dual http/https configuration, we generate an url
2b454c6ab7ef [web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5198
diff changeset
   114
        # on the http version of the site
7432
cab99ccdb774 [ui messages, xss] Start migration towards use of _msgid instead of __message (prone to XSS injection) closes #1698245
Arthur Lutz <arthur.lutz@logilab.fr>
parents: 7393
diff changeset
   115
        return self._cw.build_url('view', vid='loggedout',
5200
2b454c6ab7ef [web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5198
diff changeset
   116
                                  base_url=self._cw.vreg.config['base-url'])
2b454c6ab7ef [web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5198
diff changeset
   117
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   118
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   119
class ViewController(Controller):
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   120
    """standard entry point :
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   121
    - build result set
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   122
    - select and call main template
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   123
    """
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   124
    __regid__ = 'view'
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   125
    template = 'main-template'
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   126
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   127
    def publish(self, rset=None):
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   128
        """publish a request, returning an encoded string"""
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   129
        view, rset = self._select_view_and_rset(rset)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   130
        self.add_to_breadcrumbs(view)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   131
        self.validate_cache(view)
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   132
        template = self.appli.main_template_id(self._cw)
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   133
        return self._cw.vreg['views'].main_template(self._cw, template,
6582
8eb7883b4223 [pylint] fix a bug of pylint detected errors and i18n pb (calling builtins._ instead of req._)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6545
diff changeset
   134
                                                    rset=rset, view=view)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   135
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   136
    def _select_view_and_rset(self, rset):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   137
        req = self._cw
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   138
        if rset is None and not hasattr(req, '_rql_processed'):
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   139
            req._rql_processed = True
5244
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5223
diff changeset
   140
            if req.cnx:
5715
2c3e83817a8e [view] add a new entity_call method to entity view protocol, allowing some to work with not yet created entities. Also, start considering 'eid' form parameters where we only consider 'rql', so we can move on bloquing arbitrary rql inputs (more to do on this...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5658
diff changeset
   141
                rset = self.process_rql()
5244
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5223
diff changeset
   142
            else:
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
   143
                rset = None
3659
993997b4b41d 3.6 update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3629
diff changeset
   144
        vid = req.form.get('vid') or vid_from_rset(req, rset, self._cw.vreg.schema)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   145
        try:
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   146
            view = self._cw.vreg['views'].select(vid, req, rset=rset)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   147
        except ObjectNotFound:
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   148
            self.warning("the view %s could not be found", vid)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   149
            req.set_message(req._("The view %s could not be found") % vid)
3659
993997b4b41d 3.6 update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3629
diff changeset
   150
            vid = vid_from_rset(req, rset, self._cw.vreg.schema)
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   151
            view = self._cw.vreg['views'].select(vid, req, rset=rset)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   152
        except NoSelectableObject:
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   153
            if rset:
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   154
                req.set_message(req._("The view %s can not be applied to this query") % vid)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   155
            else:
3144
a5deac822a13 Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2870
diff changeset
   156
                req.set_message(req._("You have no access to this view or it can not "
a5deac822a13 Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2870
diff changeset
   157
                                      "be used to display the current data."))
3890
d7a270f50f54 backport stable branch (one more time painfully)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3777 3816
diff changeset
   158
            vid = req.form.get('fallbackvid') or vid_from_rset(req, rset, req.vreg.schema)
d7a270f50f54 backport stable branch (one more time painfully)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3777 3816
diff changeset
   159
            view = req.vreg['views'].select(vid, req, rset=rset)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   160
        return view, rset
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   161
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   162
    def add_to_breadcrumbs(self, view):
6302
ca5d09ff0379 [book - #1251259] reorganize plan for basetemplate, talk about class attributes
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6283
diff changeset
   163
        # update breadcrumbs **before** validating cache, unless the view
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   164
        # specifies explicitly it should not be added to breadcrumb or the
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   165
        # view is a binary view
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   166
        if view.add_to_breadcrumbs and not view.binary:
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   167
            self._cw.update_breadcrumbs()
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   168
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   169
    def execute_linkto(self, eid=None):
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   170
        """XXX __linkto parameter may cause security issue
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   171
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   172
        defined here since custom application controller inheriting from this
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   173
        one use this method?
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   174
        """
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   175
        req = self._cw
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   176
        if not '__linkto' in req.form:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   177
            return
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   178
        if eid is None:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   179
            eid = typed_eid(req.form['eid'])
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   180
        for linkto in req.list_form_param('__linkto', pop=True):
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   181
            rtype, eids, target = linkto.split(':')
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   182
            assert target in ('subject', 'object')
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   183
            eids = eids.split('_')
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   184
            if target == 'subject':
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   185
                rql = 'SET X %s Y WHERE X eid %%(x)s, Y eid %%(y)s' % rtype
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   186
            else:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   187
                rql = 'SET Y %s X WHERE X eid %%(x)s, Y eid %%(y)s' % rtype
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   188
            for teid in eids:
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5159
diff changeset
   189
                req.execute(rql, {'x': eid, 'y': typed_eid(teid)})
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   190
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   191
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   192
def _validation_error(req, ex):
2293
7ded2a1416e4 backport stable branch
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2144 2255
diff changeset
   193
    req.cnx.rollback()
4719
aaed3f813ef8 kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4638
diff changeset
   194
    # XXX necessary to remove existant validation error?
aaed3f813ef8 kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4638
diff changeset
   195
    # imo (syt), it's not necessary
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
   196
    req.session.data.pop(req.form.get('__errorurl'), None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   197
    foreid = ex.entity
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   198
    eidmap = req.data.get('eidmap', {})
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   199
    for var, eid in eidmap.items():
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   200
        if foreid == eid:
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   201
            foreid = var
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   202
            break
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   203
    return (foreid, ex.errors)
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   204
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   205
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   206
def _validate_form(req, vreg):
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   207
    # XXX should use the `RemoteCallFailed` mechanism
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   208
    try:
2650
18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2559
diff changeset
   209
        ctrl = vreg['controllers'].select('edit', req=req)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   210
    except NoSelectableObject:
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   211
        return (False, {None: req._('not authorized')}, None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   212
    try:
2255
c346af0727ca more generic way to detect json requests (not yet perfect though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2240
diff changeset
   213
        ctrl.publish(None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   214
    except ValidationError, ex:
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   215
        return (False, _validation_error(req, ex), ctrl._edited_entity)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   216
    except Redirect, ex:
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   217
        try:
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   218
            txuuid = req.cnx.commit() # ValidationError may be raised on commit
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   219
        except ValidationError, ex:
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   220
            return (False, _validation_error(req, ex), ctrl._edited_entity)
3571
54743fc6172c [json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3518
diff changeset
   221
        except Exception, ex:
54743fc6172c [json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3518
diff changeset
   222
            req.cnx.rollback()
54743fc6172c [json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3518
diff changeset
   223
            req.exception('unexpected error while validating form')
6107
05061eda1fa7 [web controller] don't try to translate arbitrary exception message
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5940
diff changeset
   224
            return (False, str(ex).decode('utf-8'), ctrl._edited_entity)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   225
        else:
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   226
            if txuuid is not None:
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   227
                req.data['last_undoable_transaction'] = txuuid
3608
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   228
            # complete entity: it can be used in js callbacks where we might
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   229
            # want every possible information
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   230
            if ctrl._edited_entity:
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   231
                ctrl._edited_entity.complete()
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   232
            return (True, ex.location, ctrl._edited_entity)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   233
    except Exception, ex:
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   234
        req.cnx.rollback()
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   235
        req.exception('unexpected error while validating form')
6107
05061eda1fa7 [web controller] don't try to translate arbitrary exception message
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5940
diff changeset
   236
        return (False, str(ex).decode('utf-8'), ctrl._edited_entity)
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   237
    return (False, '???', None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   238
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   239
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   240
class FormValidatorController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   241
    __regid__ = 'validateform'
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   242
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   243
    def response(self, domid, status, args, entity):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   244
        callback = str(self._cw.form.get('__onsuccess', 'null'))
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   245
        errback = str(self._cw.form.get('__onfailure', 'null'))
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   246
        cbargs = str(self._cw.form.get('__cbargs', 'null'))
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   247
        self._cw.set_content_type('text/html')
5556
9ab2b4c74baf [entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5555
diff changeset
   248
        jsargs = json_dumps((status, args, entity))
2557
200985d3258d make it easy to change response of FormValidatorController
Florent <florent@secondweb.fr>
parents: 2555
diff changeset
   249
        return """<script type="text/javascript">
3343
383b42263bb1 [validatecontroller] allow additional args to be passed to the js callback
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3327
diff changeset
   250
 window.parent.handleFormValidationResponse('%s', %s, %s, %s, %s);
383b42263bb1 [validatecontroller] allow additional args to be passed to the js callback
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3327
diff changeset
   251
</script>""" %  (domid, callback, errback, jsargs, cbargs)
2557
200985d3258d make it easy to change response of FormValidatorController
Florent <florent@secondweb.fr>
parents: 2555
diff changeset
   252
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   253
    def publish(self, rset=None):
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   254
        self._cw.ajax_request = True
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   255
        # XXX unclear why we have a separated controller here vs
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   256
        # js_validate_form on the json controller
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   257
        status, args, entity = _validate_form(self._cw, self._cw.vreg)
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   258
        domid = self._cw.form.get('__domid', 'entityForm').encode(
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   259
            self._cw.encoding)
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   260
        return self.response(domid, status, args, entity)
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   261
6684
b8bd0ecced2e minor cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6683
diff changeset
   262
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   263
class JSonController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   264
    __regid__ = 'json'
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   265
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   266
    def publish(self, rset=None):
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   267
        warn('[3.15] JSONController is deprecated, use AjaxController instead',
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   268
             DeprecationWarning)
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   269
        ajax_controller = self._cw.vreg['controllers'].select('ajax', self._cw, appli=self.appli)
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   270
        return ajax_controller.publish(rset)
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   271
603
18c6c31bbaf4 [controllers] a set_cookie method
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 581
diff changeset
   272
5366
5f116a4d8a54 [masmailing] cleanup: use authenticated_user selectors, define stuff on form instead of on selection when possible, other cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5200
diff changeset
   273
# XXX move to massmailing
5556
9ab2b4c74baf [entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5555
diff changeset
   274
class MailBugReportController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   275
    __regid__ = 'reportbug'
4894
41c28ddca055 [cleanup selectors] use authenticated_user, check for form params instead of handling potential key error on missing params
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   276
    __select__ = match_form_params('description')
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   277
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   278
    def publish(self, rset=None):
8084
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   279
        req = self._cw
8605
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   280
        desc = req.form['description']
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   281
        # The description is generated and signed by cubicweb itself, check
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   282
        # description's signature so we don't want to send spam here
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   283
        sign = req.form.get('__signature', '')
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   284
        if not (sign and req.vreg.config.check_text_sign(desc, sign)):
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   285
            raise Forbidden('Invalid content')
8084
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   286
        self.sendmail(req.vreg.config['submit-mail'],
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   287
                      req._('%s error report') % req.vreg.config.appid,
8605
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   288
                      desc)
8084
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   289
        raise Redirect(req.build_url(__message=req._('bug report sent')))
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   290
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   291
5556
9ab2b4c74baf [entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5555
diff changeset
   292
class UndoController(Controller):
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   293
    __regid__ = 'undo'
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   294
    __select__ = authenticated_user() & match_form_params('txuuid')
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   295
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   296
    def publish(self, rset=None):
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   297
        txuuid = self._cw.form['txuuid']
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   298
        try:
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   299
            self._cw.cnx.undo_transaction(txuuid)
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   300
        except UndoTransactionException, exc:
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   301
            errors = exc.errors
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   302
            #This will cause a rollback in main_publish
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   303
            raise ValidationError(None, {None: '\n'.join(errors)})
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   304
        else :
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   305
            self.redirect() # Will raise Redirect
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   306
7557
a397305f3976 [controller] UndoController: fix output method (closes: #1776091)
Julien Jehannet <julien.jehannet@logilab.fr>
parents: 7528
diff changeset
   307
    def redirect(self, msg=None):
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   308
        req = self._cw
7557
a397305f3976 [controller] UndoController: fix output method (closes: #1776091)
Julien Jehannet <julien.jehannet@logilab.fr>
parents: 7528
diff changeset
   309
        msg = msg or req._("transaction undone")
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   310
        self._return_to_lastpage( dict(_cwmsgid= req.set_redirect_message(msg)) )
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   311