1 # copyright 2003-2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
3 # |
|
4 # This file is part of CubicWeb. |
|
5 # |
|
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
|
7 # terms of the GNU Lesser General Public License as published by the Free |
|
8 # Software Foundation, either version 2.1 of the License, or (at your option) |
|
9 # any later version. |
|
10 # |
|
11 # CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
|
12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
13 # FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
|
14 # details. |
|
15 # |
|
16 # You should have received a copy of the GNU Lesser General Public License along |
|
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
|
18 """json export views""" |
|
19 |
|
20 __docformat__ = "restructuredtext en" |
|
21 from cubicweb import _ |
|
22 |
|
23 from cubicweb.uilib import rest_traceback |
|
24 |
|
25 from cubicweb.utils import json_dumps |
|
26 from cubicweb.predicates import ExpectedValuePredicate, any_rset, empty_rset |
|
27 from cubicweb.view import EntityView, AnyRsetView |
|
28 from cubicweb.web.application import anonymized_request |
|
29 from cubicweb.web.views import basecontrollers, management |
|
30 |
|
31 |
|
32 class JsonpController(basecontrollers.ViewController): |
|
33 """The jsonp controller is the same as a ViewController but : |
|
34 |
|
35 - anonymize request (avoid CSRF attacks) |
|
36 - if ``vid`` parameter is passed, make sure it's sensible (i.e. either |
|
37 "jsonexport" or "ejsonexport") |
|
38 - if ``callback`` request parameter is passed, it's used as json padding |
|
39 |
|
40 |
|
41 Response's content-type will either be ``application/javascript`` or |
|
42 ``application/json`` depending on ``callback`` parameter presence or not. |
|
43 """ |
|
44 __regid__ = 'jsonp' |
|
45 |
|
46 def publish(self, rset=None): |
|
47 if 'vid' in self._cw.form: |
|
48 vid = self._cw.form['vid'] |
|
49 if vid not in ('jsonexport', 'ejsonexport'): |
|
50 self.warning("vid %s can't be used with jsonp controller, " |
|
51 "falling back to jsonexport", vid) |
|
52 self._cw.form['vid'] = 'jsonexport' |
|
53 else: # if no vid is specified, use jsonexport |
|
54 self._cw.form['vid'] = 'jsonexport' |
|
55 if self._cw.vreg.config['anonymize-jsonp-queries']: |
|
56 with anonymized_request(self._cw): |
|
57 return self._get_json_data(rset) |
|
58 else: |
|
59 return self._get_json_data(rset) |
|
60 |
|
61 def _get_json_data(self, rset): |
|
62 json_data = super(JsonpController, self).publish(rset) |
|
63 if 'callback' in self._cw.form: # jsonp |
|
64 json_padding = self._cw.form['callback'].encode('ascii') |
|
65 # use ``application/javascript`` if ``callback`` parameter is |
|
66 # provided, keep ``application/json`` otherwise |
|
67 self._cw.set_content_type('application/javascript') |
|
68 json_data = json_padding + b'(' + json_data + b')' |
|
69 return json_data |
|
70 |
|
71 |
|
72 class JsonMixIn(object): |
|
73 """mixin class for json views |
|
74 |
|
75 Handles the following optional request parameters: |
|
76 |
|
77 - ``_indent`` : must be an integer. If found, it is used to pretty print |
|
78 json output |
|
79 """ |
|
80 templatable = False |
|
81 content_type = 'application/json' |
|
82 binary = True |
|
83 |
|
84 def wdata(self, data): |
|
85 if '_indent' in self._cw.form: |
|
86 indent = int(self._cw.form['_indent']) |
|
87 else: |
|
88 indent = None |
|
89 # python's json.dumps escapes non-ascii characters |
|
90 self.w(json_dumps(data, indent=indent).encode('ascii')) |
|
91 |
|
92 |
|
93 class JsonRsetView(JsonMixIn, AnyRsetView): |
|
94 """dumps raw result set in JSON format""" |
|
95 __regid__ = 'jsonexport' |
|
96 __select__ = any_rset() # means rset might be empty or have any shape |
|
97 title = _('json-export-view') |
|
98 |
|
99 def call(self): |
|
100 # XXX mimic w3c recommandations to serialize SPARQL results in json? |
|
101 # http://www.w3.org/TR/rdf-sparql-json-res/ |
|
102 self.wdata(self.cw_rset.rows) |
|
103 |
|
104 |
|
105 class JsonEntityView(JsonMixIn, EntityView): |
|
106 """dumps rset entities in JSON |
|
107 |
|
108 The following additional metadata is added to each row : |
|
109 |
|
110 - ``cw_etype`` : entity type |
|
111 - ``cw_source`` : source url |
|
112 """ |
|
113 __regid__ = 'ejsonexport' |
|
114 __select__ = EntityView.__select__ | empty_rset() |
|
115 title = _('json-entities-export-view') |
|
116 |
|
117 def call(self): |
|
118 entities = [] |
|
119 for entity in self.cw_rset.entities(): |
|
120 serializer = entity.cw_adapt_to('ISerializable') |
|
121 entities.append(serializer.serialize()) |
|
122 self.wdata(entities) |
|
123 |
|
124 |
|
125 class _requested_vid(ExpectedValuePredicate): |
|
126 """predicate that checks vid parameter value |
|
127 |
|
128 It differs from ``match_view`` in that it doesn't expect a ``view`` |
|
129 parameter to be given to ``select`` but will rather check |
|
130 ``req.form['vid']`` to match expected vid. |
|
131 """ |
|
132 def __call__(self, cls, req, rset=None, **kwargs): |
|
133 return req.form.get('vid') in self.expected |
|
134 |
|
135 |
|
136 class JsonErrorView(JsonMixIn, management.ErrorView): |
|
137 """custom error view selected when client asks for a json view |
|
138 |
|
139 The returned json object will contain err / traceback informations. |
|
140 """ |
|
141 __select__ = (management.ErrorView.__select__ & |
|
142 _requested_vid('jsonexport', 'ejsonexport')) |
|
143 |
|
144 def call(self): |
|
145 errmsg, exclass, excinfo = self._excinfo() |
|
146 self.wdata({ |
|
147 'errmsg': errmsg, |
|
148 'exclass': exclass, |
|
149 'traceback': rest_traceback(excinfo, errmsg), |
|
150 }) |
|