web/views/basecontrollers.py
author Julien Cristau <julien.cristau@logilab.fr>
Mon, 22 Jun 2015 11:28:16 +0200
changeset 10406 9c7461bf99a7
parent 9700 da7d341cca76
child 10411 4ee15441f2eb
permissions -rw-r--r--
[web/views] don't force http redirect on logout We no longer forbid anonymous browsing on https, so we can keep the same scheme when logged out. Closes #5507479.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
9229
739ae5366bed [web] stop using deprecated StatusResponse. Closes #3098215
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8974
diff changeset
     1
# copyright 2003-2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     2
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     3
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     4
# This file is part of CubicWeb.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     5
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     6
# CubicWeb is free software: you can redistribute it and/or modify it under the
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     7
# terms of the GNU Lesser General Public License as published by the Free
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     8
# Software Foundation, either version 2.1 of the License, or (at your option)
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
     9
# any later version.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    10
#
5424
8ecbcbff9777 replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5421
diff changeset
    11
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    12
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    13
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    14
# details.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    15
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    16
# You should have received a copy of the GNU Lesser General Public License along
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5389
diff changeset
    17
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    18
"""Set of base controllers, which are directly plugged into the application
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    19
object to handle publication.
5626
c80e8aa1935e cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5584
diff changeset
    20
"""
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    21
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    22
__docformat__ = "restructuredtext en"
6582
8eb7883b4223 [pylint] fix a bug of pylint detected errors and i18n pb (calling builtins._ instead of req._)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6545
diff changeset
    23
_ = unicode
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    24
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    25
from warnings import warn
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    26
7824
18ce47d4a17f [jsoncontroller] deprecate the now unused js_set_cookie (closes #1944810)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 7609
diff changeset
    27
from logilab.common.deprecation import deprecated
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    28
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
    29
from cubicweb import (NoSelectableObject, ObjectNotFound, ValidationError,
8748
f5027f8d2478 drop typed_eid() in favour of int() (closes #2742462)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8695
diff changeset
    30
                      AuthenticationError, UndoTransactionException,
8605
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
    31
                      Forbidden)
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    32
from cubicweb.utils import json_dumps
8190
2a3c1b787688 [vreg] move base registry implementation to logilab.common. Closes #1916014
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8162
diff changeset
    33
from cubicweb.predicates import (authenticated_user, anonymous_user,
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    34
                                match_form_params)
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    35
from cubicweb.web import Redirect, RemoteCallFailed
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
    36
from cubicweb.web.controller import Controller, append_url_params
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
    37
from cubicweb.web.views import vid_from_rset
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
    38
import cubicweb.transaction as tx
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    39
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
    40
@deprecated('[3.15] jsonize is deprecated, use AjaxFunction appobjects instead')
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    41
def jsonize(func):
5940
0e3ae19b181a [uilib] refactor json_dumps code organization
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5869
diff changeset
    42
    """decorator to sets correct content_type and calls `json_dumps` on
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    43
    results
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    44
    """
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    45
    def wrapper(self, *args, **kwargs):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    46
        self._cw.set_content_type('application/json')
1635
866563e2d0fc don't depends on simplejson outside web/
sylvain.thenault@logilab.fr
parents: 1560
diff changeset
    47
        return json_dumps(func(self, *args, **kwargs))
1527
c8ca1782e252 controller fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 1467
diff changeset
    48
    wrapper.__name__ = func.__name__
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    49
    return wrapper
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    50
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
    51
@deprecated('[3.15] xhtmlize is deprecated, use AjaxFunction appobjects instead')
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    52
def xhtmlize(func):
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    53
    """decorator to sets correct content_type and calls `xmlize` on results"""
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    54
    def wrapper(self, *args, **kwargs):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    55
        self._cw.set_content_type(self._cw.html_content_type())
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    56
        result = func(self, *args, **kwargs)
8974
c8520188eb4b [web request] drop no more necessary request.document_surrounding_div method
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8849
diff changeset
    57
        return ''.join((u'<div>', result.strip(),
2559
46859078c866 [R xhtml] remove xhtml_wrap* function, use instead a single req.document_surrounding_div method
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2557
diff changeset
    58
                        u'</div>'))
1527
c8ca1782e252 controller fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 1467
diff changeset
    59
    wrapper.__name__ = func.__name__
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    60
    return wrapper
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    61
8162
d5b02af28125 [deprecation] add cw version number to deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8128
diff changeset
    62
@deprecated('[3.15] check_pageid is deprecated, use AjaxFunction appobjects instead')
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    63
def check_pageid(func):
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    64
    """decorator which checks the given pageid is found in the
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    65
    user's session data
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    66
    """
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    67
    def wrapper(self, *args, **kwargs):
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
    68
        data = self._cw.session.data.get(self._cw.pageid)
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    69
        if data is None:
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    70
            raise RemoteCallFailed(self._cw._('pageid-not-found'))
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    71
        return func(self, *args, **kwargs)
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    72
    return wrapper
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    73
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    74
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    75
class LoginController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
    76
    __regid__ = 'login'
5584
c1823448f81d [web] disallow authenticated users to access to the login form (closes #914873)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5546
diff changeset
    77
    __select__ = anonymous_user()
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    78
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    79
    def publish(self, rset=None):
2476
1294a6bdf3bf application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2458
diff changeset
    80
        """log in the instance"""
4072
ead446e70c28 some api update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4023
diff changeset
    81
        if self._cw.vreg.config['auth-mode'] == 'http':
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    82
            # HTTP authentication
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
    83
            raise AuthenticationError()
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    84
        else:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    85
            # Cookie authentication
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
    86
            return self.appli.need_login_content(self._cw)
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
    87
8311
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    88
class LoginControllerForAuthed(Controller):
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    89
    __regid__ = 'login'
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    90
    __select__ = ~anonymous_user()
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    91
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    92
    def publish(self, rset=None):
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    93
        """log in the instance"""
8487
017af22e7678 [web test] fix tests broken by 8de41063d629
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8485
diff changeset
    94
        path = self._cw.form.get('postlogin_path', '')
9700
da7d341cca76 an URL -> a URL
Rémi Cardona <remi.cardona@logilab.fr>
parents: 9229
diff changeset
    95
        # redirect expect a URL, not a path. Also path may contains a query
8485
8de41063d629 [web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8444
diff changeset
    96
        # string, hence should not be given to _cw.build_url()
8de41063d629 [web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8444
diff changeset
    97
        raise Redirect(self._cw.base_url() + path)
8311
76a44a0d7f4b [login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8267
diff changeset
    98
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
    99
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   100
class LogoutController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   101
    __regid__ = 'logout'
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   102
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   103
    def publish(self, rset=None):
2476
1294a6bdf3bf application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2458
diff changeset
   104
        """logout from the instance"""
4911
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   105
        return self.appli.session_handler.logout(self._cw, self.goto_url())
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   106
4911
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   107
    def goto_url(self):
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   108
        # * in http auth mode, url will be ignored
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   109
        # * in cookie mode redirecting to the index view is enough : either
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   110
        #   anonymous connection is allowed and the page will be displayed or
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   111
        #   we'll be redirected to the login form
898c35be5873 #750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   112
        msg = self._cw._('you have been logged out')
10406
9c7461bf99a7 [web/views] don't force http redirect on logout
Julien Cristau <julien.cristau@logilab.fr>
parents: 9700
diff changeset
   113
        return self._cw.build_url('view', vid='loggedout')
5200
2b454c6ab7ef [web] on logout, use the base_url argument of build_url instead of hacking the request to get proper url. This fix a bug on site with http/https versions: the session cookie is badly removed on logout
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5198
diff changeset
   114
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   115
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   116
class ViewController(Controller):
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   117
    """standard entry point :
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   118
    - build result set
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   119
    - select and call main template
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   120
    """
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   121
    __regid__ = 'view'
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   122
    template = 'main-template'
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   123
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   124
    def publish(self, rset=None):
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   125
        """publish a request, returning an encoded string"""
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   126
        view, rset = self._select_view_and_rset(rset)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   127
        self.add_to_breadcrumbs(view)
9229
739ae5366bed [web] stop using deprecated StatusResponse. Closes #3098215
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8974
diff changeset
   128
        view.set_http_cache_headers()
739ae5366bed [web] stop using deprecated StatusResponse. Closes #3098215
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8974
diff changeset
   129
        if self._cw.is_client_cache_valid():
739ae5366bed [web] stop using deprecated StatusResponse. Closes #3098215
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8974
diff changeset
   130
            return ''
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   131
        template = self.appli.main_template_id(self._cw)
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   132
        return self._cw.vreg['views'].main_template(self._cw, template,
6582
8eb7883b4223 [pylint] fix a bug of pylint detected errors and i18n pb (calling builtins._ instead of req._)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6545
diff changeset
   133
                                                    rset=rset, view=view)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   134
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   135
    def _select_view_and_rset(self, rset):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   136
        req = self._cw
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   137
        if rset is None and not hasattr(req, '_rql_processed'):
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   138
            req._rql_processed = True
5244
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5223
diff changeset
   139
            if req.cnx:
5715
2c3e83817a8e [view] add a new entity_call method to entity view protocol, allowing some to work with not yet created entities. Also, start considering 'eid' form parameters where we only consider 'rql', so we can move on bloquing arbitrary rql inputs (more to do on this...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5658
diff changeset
   140
                rset = self.process_rql()
5244
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5223
diff changeset
   141
            else:
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
   142
                rset = None
3659
993997b4b41d 3.6 update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3629
diff changeset
   143
        vid = req.form.get('vid') or vid_from_rset(req, rset, self._cw.vreg.schema)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   144
        try:
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   145
            view = self._cw.vreg['views'].select(vid, req, rset=rset)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   146
        except ObjectNotFound:
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   147
            self.warning("the view %s could not be found", vid)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   148
            req.set_message(req._("The view %s could not be found") % vid)
3659
993997b4b41d 3.6 update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3629
diff changeset
   149
            vid = vid_from_rset(req, rset, self._cw.vreg.schema)
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   150
            view = self._cw.vreg['views'].select(vid, req, rset=rset)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   151
        except NoSelectableObject:
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   152
            if rset:
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   153
                req.set_message(req._("The view %s can not be applied to this query") % vid)
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   154
            else:
3144
a5deac822a13 Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2870
diff changeset
   155
                req.set_message(req._("You have no access to this view or it can not "
a5deac822a13 Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2870
diff changeset
   156
                                      "be used to display the current data."))
3890
d7a270f50f54 backport stable branch (one more time painfully)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3777 3816
diff changeset
   157
            vid = req.form.get('fallbackvid') or vid_from_rset(req, rset, req.vreg.schema)
d7a270f50f54 backport stable branch (one more time painfully)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3777 3816
diff changeset
   158
            view = req.vreg['views'].select(vid, req, rset=rset)
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   159
        return view, rset
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   160
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   161
    def add_to_breadcrumbs(self, view):
6302
ca5d09ff0379 [book - #1251259] reorganize plan for basetemplate, talk about class attributes
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6283
diff changeset
   162
        # update breadcrumbs **before** validating cache, unless the view
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   163
        # specifies explicitly it should not be added to breadcrumb or the
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   164
        # view is a binary view
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   165
        if view.add_to_breadcrumbs and not view.binary:
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   166
            self._cw.update_breadcrumbs()
823
cb8ccbef8fa5 main template refactoring
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 808
diff changeset
   167
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   168
    def execute_linkto(self, eid=None):
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   169
        """XXX __linkto parameter may cause security issue
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   170
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   171
        defined here since custom application controller inheriting from this
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   172
        one use this method?
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   173
        """
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   174
        req = self._cw
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   175
        if not '__linkto' in req.form:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   176
            return
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   177
        if eid is None:
8748
f5027f8d2478 drop typed_eid() in favour of int() (closes #2742462)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8695
diff changeset
   178
            eid = int(req.form['eid'])
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   179
        for linkto in req.list_form_param('__linkto', pop=True):
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   180
            rtype, eids, target = linkto.split(':')
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   181
            assert target in ('subject', 'object')
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   182
            eids = eids.split('_')
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   183
            if target == 'subject':
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   184
                rql = 'SET X %s Y WHERE X eid %%(x)s, Y eid %%(y)s' % rtype
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   185
            else:
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   186
                rql = 'SET Y %s X WHERE X eid %%(x)s, Y eid %%(y)s' % rtype
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   187
            for teid in eids:
8748
f5027f8d2478 drop typed_eid() in favour of int() (closes #2742462)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8695
diff changeset
   188
                req.execute(rql, {'x': eid, 'y': int(teid)})
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   189
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   190
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   191
def _validation_error(req, ex):
2293
7ded2a1416e4 backport stable branch
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2144 2255
diff changeset
   192
    req.cnx.rollback()
8594
001159e2e4f3 [validation api] properly use yams 0.36 validation error api and update message catalog. Follows bbe0d6985e59
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8556
diff changeset
   193
    ex.translate(req._) # translate messages using ui language
4719
aaed3f813ef8 kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4638
diff changeset
   194
    # XXX necessary to remove existant validation error?
aaed3f813ef8 kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4638
diff changeset
   195
    # imo (syt), it's not necessary
5223
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5201
diff changeset
   196
    req.session.data.pop(req.form.get('__errorurl'), None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   197
    foreid = ex.entity
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   198
    eidmap = req.data.get('eidmap', {})
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   199
    for var, eid in eidmap.items():
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   200
        if foreid == eid:
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   201
            foreid = var
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   202
            break
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   203
    return (foreid, ex.errors)
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   204
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   205
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   206
def _validate_form(req, vreg):
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   207
    # XXX should use the `RemoteCallFailed` mechanism
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   208
    try:
2650
18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2559
diff changeset
   209
        ctrl = vreg['controllers'].select('edit', req=req)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   210
    except NoSelectableObject:
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   211
        return (False, {None: req._('not authorized')}, None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   212
    try:
2255
c346af0727ca more generic way to detect json requests (not yet perfect though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2240
diff changeset
   213
        ctrl.publish(None)
8695
358d8bed9626 [toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8609
diff changeset
   214
    except ValidationError as ex:
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   215
        return (False, _validation_error(req, ex), ctrl._edited_entity)
8695
358d8bed9626 [toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8609
diff changeset
   216
    except Redirect as ex:
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   217
        try:
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   218
            txuuid = req.cnx.commit() # ValidationError may be raised on commit
8695
358d8bed9626 [toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8609
diff changeset
   219
        except ValidationError as ex:
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   220
            return (False, _validation_error(req, ex), ctrl._edited_entity)
8695
358d8bed9626 [toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8609
diff changeset
   221
        except Exception as ex:
3571
54743fc6172c [json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3518
diff changeset
   222
            req.cnx.rollback()
54743fc6172c [json validation] catch everything here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3518
diff changeset
   223
            req.exception('unexpected error while validating form')
6107
05061eda1fa7 [web controller] don't try to translate arbitrary exception message
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5940
diff changeset
   224
            return (False, str(ex).decode('utf-8'), ctrl._edited_entity)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   225
        else:
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   226
            if txuuid is not None:
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   227
                req.data['last_undoable_transaction'] = txuuid
3608
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   228
            # complete entity: it can be used in js callbacks where we might
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   229
            # want every possible information
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   230
            if ctrl._edited_entity:
5a46e68c3d3c [editcontroller] backout (sort of) removal of entity.complete() in validate_form
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3599
diff changeset
   231
                ctrl._edited_entity.complete()
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   232
            return (True, ex.location, ctrl._edited_entity)
8695
358d8bed9626 [toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8609
diff changeset
   233
    except Exception as ex:
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   234
        req.cnx.rollback()
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   235
        req.exception('unexpected error while validating form')
6107
05061eda1fa7 [web controller] don't try to translate arbitrary exception message
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5940
diff changeset
   236
        return (False, str(ex).decode('utf-8'), ctrl._edited_entity)
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   237
    return (False, '???', None)
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   238
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   239
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   240
class FormValidatorController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   241
    __regid__ = 'validateform'
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   242
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   243
    def response(self, domid, status, args, entity):
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   244
        callback = str(self._cw.form.get('__onsuccess', 'null'))
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   245
        errback = str(self._cw.form.get('__onfailure', 'null'))
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   246
        cbargs = str(self._cw.form.get('__cbargs', 'null'))
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   247
        self._cw.set_content_type('text/html')
5556
9ab2b4c74baf [entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5555
diff changeset
   248
        jsargs = json_dumps((status, args, entity))
2557
200985d3258d make it easy to change response of FormValidatorController
Florent <florent@secondweb.fr>
parents: 2555
diff changeset
   249
        return """<script type="text/javascript">
3343
383b42263bb1 [validatecontroller] allow additional args to be passed to the js callback
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3327
diff changeset
   250
 window.parent.handleFormValidationResponse('%s', %s, %s, %s, %s);
383b42263bb1 [validatecontroller] allow additional args to be passed to the js callback
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3327
diff changeset
   251
</script>""" %  (domid, callback, errback, jsargs, cbargs)
2557
200985d3258d make it easy to change response of FormValidatorController
Florent <florent@secondweb.fr>
parents: 2555
diff changeset
   252
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   253
    def publish(self, rset=None):
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   254
        self._cw.ajax_request = True
2240
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   255
        # XXX unclear why we have a separated controller here vs
ff84892900ac factorize form validation code, fix pb with validation error in inlined forms during creation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2079
diff changeset
   256
        # js_validate_form on the json controller
3451
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   257
        status, args, entity = _validate_form(self._cw, self._cw.vreg)
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   258
        domid = self._cw.form.get('__domid', 'entityForm').encode(
6b46d73823f5 [api] work in progress, use __regid__, cw_*, etc.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3377
diff changeset
   259
            self._cw.encoding)
3232
eccb7380dc3b [controllers] allow onsuccess / onfailure callback to be passed to validateform
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 3144
diff changeset
   260
        return self.response(domid, status, args, entity)
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   261
6684
b8bd0ecced2e minor cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6683
diff changeset
   262
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   263
class JSonController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   264
    __regid__ = 'json'
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   265
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   266
    def publish(self, rset=None):
8128
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   267
        warn('[3.15] JSONController is deprecated, use AjaxController instead',
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   268
             DeprecationWarning)
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   269
        ajax_controller = self._cw.vreg['controllers'].select('ajax', self._cw, appli=self.appli)
0a927fe4541b [controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 8116
diff changeset
   270
        return ajax_controller.publish(rset)
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   271
603
18c6c31bbaf4 [controllers] a set_cookie method
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 581
diff changeset
   272
5556
9ab2b4c74baf [entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5555
diff changeset
   273
class MailBugReportController(Controller):
3377
dd9d292b6a6d use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3369
diff changeset
   274
    __regid__ = 'reportbug'
4894
41c28ddca055 [cleanup selectors] use authenticated_user, check for form params instead of handling potential key error on missing params
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4741
diff changeset
   275
    __select__ = match_form_params('description')
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   276
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset
   277
    def publish(self, rset=None):
8084
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   278
        req = self._cw
8605
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   279
        desc = req.form['description']
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   280
        # The description is generated and signed by cubicweb itself, check
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   281
        # description's signature so we don't want to send spam here
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   282
        sign = req.form.get('__signature', '')
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   283
        if not (sign and req.vreg.config.check_text_sign(desc, sign)):
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   284
            raise Forbidden('Invalid content')
8084
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   285
        self.sendmail(req.vreg.config['submit-mail'],
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   286
                      req._('%s error report') % req.vreg.config.appid,
8605
797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)
David Douard <david.douard@logilab.fr>
parents: 8487
diff changeset
   287
                      desc)
8084
e22c17e1710d [email bug report] _cw.config bw compat has been dropped, use _cw.vreg.config (+ small cleanup). Closes #2086985
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8056
diff changeset
   288
        raise Redirect(req.build_url(__message=req._('bug report sent')))
1419
7ff24154351d javascript + json refactoring
sylvain.thenault@logilab.fr
parents: 1398
diff changeset
   289
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   290
5556
9ab2b4c74baf [entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5555
diff changeset
   291
class UndoController(Controller):
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   292
    __regid__ = 'undo'
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   293
    __select__ = authenticated_user() & match_form_params('txuuid')
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   294
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   295
    def publish(self, rset=None):
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   296
        txuuid = self._cw.form['txuuid']
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   297
        try:
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   298
            self._cw.cnx.undo_transaction(txuuid)
8695
358d8bed9626 [toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 8609
diff changeset
   299
        except UndoTransactionException as exc:
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   300
            errors = exc.errors
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   301
            #This will cause a rollback in main_publish
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   302
            raise ValidationError(None, {None: '\n'.join(errors)})
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   303
        else :
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   304
            self.redirect() # Will raise Redirect
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   305
7557
a397305f3976 [controller] UndoController: fix output method (closes: #1776091)
Julien Jehannet <julien.jehannet@logilab.fr>
parents: 7528
diff changeset
   306
    def redirect(self, msg=None):
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4894
diff changeset
   307
        req = self._cw
7557
a397305f3976 [controller] UndoController: fix output method (closes: #1776091)
Julien Jehannet <julien.jehannet@logilab.fr>
parents: 7528
diff changeset
   308
        msg = msg or req._("transaction undone")
8267
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   309
        self._return_to_lastpage( dict(_cwmsgid= req.set_redirect_message(msg)) )
486386d9f836 [web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents: 8190
diff changeset
   310