1 # copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1 # copyright 2003-2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
3 # |
3 # |
4 # This file is part of CubicWeb. |
4 # This file is part of CubicWeb. |
5 # |
5 # |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
26 from cubicweb.predicates import ExpectedValuePredicate, any_rset, empty_rset |
26 from cubicweb.predicates import ExpectedValuePredicate, any_rset, empty_rset |
27 from cubicweb.view import EntityView, AnyRsetView |
27 from cubicweb.view import EntityView, AnyRsetView |
28 from cubicweb.web.application import anonymized_request |
28 from cubicweb.web.application import anonymized_request |
29 from cubicweb.web.views import basecontrollers, management |
29 from cubicweb.web.views import basecontrollers, management |
30 |
30 |
|
31 |
31 class JsonpController(basecontrollers.ViewController): |
32 class JsonpController(basecontrollers.ViewController): |
32 """The jsonp controller is the same as a ViewController but : |
33 """The jsonp controller is the same as a ViewController but : |
33 |
34 |
34 - anonymize request (avoid CSRF attacks) |
35 - anonymize request (avoid CSRF attacks) |
35 - if ``vid`` parameter is passed, make sure it's sensible (i.e. either |
36 - if ``vid`` parameter is passed, make sure it's sensible (i.e. either |
47 vid = self._cw.form['vid'] |
48 vid = self._cw.form['vid'] |
48 if vid not in ('jsonexport', 'ejsonexport'): |
49 if vid not in ('jsonexport', 'ejsonexport'): |
49 self.warning("vid %s can't be used with jsonp controller, " |
50 self.warning("vid %s can't be used with jsonp controller, " |
50 "falling back to jsonexport", vid) |
51 "falling back to jsonexport", vid) |
51 self._cw.form['vid'] = 'jsonexport' |
52 self._cw.form['vid'] = 'jsonexport' |
52 else: # if no vid is specified, use jsonexport |
53 else: # if no vid is specified, use jsonexport |
53 self._cw.form['vid'] = 'jsonexport' |
54 self._cw.form['vid'] = 'jsonexport' |
54 if self._cw.vreg.config['anonymize-jsonp-queries']: |
55 if self._cw.vreg.config['anonymize-jsonp-queries']: |
55 with anonymized_request(self._cw): |
56 with anonymized_request(self._cw): |
56 return self._get_json_data(rset) |
57 return self._get_json_data(rset) |
57 else: |
58 else: |
58 return self._get_json_data(rset) |
59 return self._get_json_data(rset) |
59 |
60 |
60 def _get_json_data(self, rset): |
61 def _get_json_data(self, rset): |
61 json_data = super(JsonpController, self).publish(rset) |
62 json_data = super(JsonpController, self).publish(rset) |
62 if 'callback' in self._cw.form: # jsonp |
63 if 'callback' in self._cw.form: # jsonp |
63 json_padding = self._cw.form['callback'].encode('ascii') |
64 json_padding = self._cw.form['callback'].encode('ascii') |
64 # use ``application/javascript`` if ``callback`` parameter is |
65 # use ``application/javascript`` if ``callback`` parameter is |
65 # provided, keep ``application/json`` otherwise |
66 # provided, keep ``application/json`` otherwise |
66 self._cw.set_content_type('application/javascript') |
67 self._cw.set_content_type('application/javascript') |
67 json_data = json_padding + b'(' + json_data + b')' |
68 json_data = json_padding + b'(' + json_data + b')' |
90 |
91 |
91 |
92 |
92 class JsonRsetView(JsonMixIn, AnyRsetView): |
93 class JsonRsetView(JsonMixIn, AnyRsetView): |
93 """dumps raw result set in JSON format""" |
94 """dumps raw result set in JSON format""" |
94 __regid__ = 'jsonexport' |
95 __regid__ = 'jsonexport' |
95 __select__ = any_rset() # means rset might be empty or have any shape |
96 __select__ = any_rset() # means rset might be empty or have any shape |
96 title = _('json-export-view') |
97 title = _('json-export-view') |
97 |
98 |
98 def call(self): |
99 def call(self): |
99 # XXX mimic w3c recommandations to serialize SPARQL results in json? |
100 # XXX mimic w3c recommandations to serialize SPARQL results in json? |
100 # http://www.w3.org/TR/rdf-sparql-json-res/ |
101 # http://www.w3.org/TR/rdf-sparql-json-res/ |