cubicweb: comparison web/request.py

equal deleted inserted replaced

-:45a1c3f0d0d9
+:e402e0b32075
 """abstract HTTP request, should be extended according to the HTTP backend"""
 json_request = False # to be set to True by json controllers
 def __init__(self, vreg, https, form=None):
 super(CubicWebRequestBase, self).__init__(vreg)
-self.message = None
 self.authmode = vreg.config['auth-mode']
 self.https = https
 # raw html headers that can be added from any view
 self.html_headers = HTMLHead()
 # form parameters
 """method called by the session handler when the user is authenticated
 or an anonymous connection is open
 """
 super(CubicWebRequestBase, self).set_connection(cnx, user)
 # set request language
-try:
+vreg = self.vreg
-vreg = self.vreg
+if self.user:
-if self.user:
+try:
-try:
+# 1. user specified language
-# 1. user specified language
+lang = vreg.typed_value('ui.language',
-lang = vreg.typed_value('ui.language',
+self.user.properties['ui.language'])
-self.user.properties['ui.language'])
+self.set_language(lang)
+return
+except KeyError:
+pass
+if vreg.config['language-negociation']:
+# 2. http negociated language
+for lang in self.header_accept_language():
+if lang in self.translations:
 self.set_language(lang)
 return
-except KeyError:
+# 3. default language
-pass
+self.set_default_language(vreg)
-if vreg.config['language-negociation']:
-# 2. http negociated language
-for lang in self.header_accept_language():
-if lang in self.translations:
-self.set_language(lang)
-return
-# 3. default language
-self.set_default_language(vreg)
-finally:
-# XXX code smell
-# have to be done here because language is not yet set in setup_params
-#
-# special key for created entity, added in controller's reset method
-# if no message set, we don't want this neither
-if '__createdpath' in self.form and self.message:
-self.message += ' (<a href="%s">%s</a>)' % (
-self.build_url(self.form.pop('__createdpath')),
-self._('click here to see created entity'))
 def set_language(self, lang):
 gettext, self.pgettext = self.translations[lang]
 self._ = self.__ = gettext
 self.lang = lang
 def setup_params(self, params):
 """WARNING: we're intentionaly leaving INTERNAL_FIELD_VALUE here
 subclasses should overrides to
 """
+self.form = {}
 if params is None:
-params = {}
+return
-self.form = params
 encoding = self.encoding
-for k, v in params.items():
+for param, val in params.iteritems():
-if isinstance(v, (tuple, list)):
+if isinstance(val, (tuple, list)):
-v = [unicode(x, encoding) for x in v]
+val = [unicode(x, encoding) for x in val]
-if len(v) == 1:
+if len(val) == 1:
-v = v[0]
+val = val[0]
-if k in self.no_script_form_params:
+elif isinstance(val, str):
-v = self.no_script_form_param(k, value=v)
+val = unicode(val, encoding)
-if isinstance(v, str):
+if param in self.no_script_form_params and val:
-v = unicode(v, encoding)
+val = self.no_script_form_param(param, val)
-if k == '__message':
+if param == '_cwmsgid':
-self.set_message(v)
+self.set_message_id(val)
-del self.form[k]
+elif param == '__message':
+self.set_message(val)
 else:
-self.form[k] = v
+self.form[param] = val
-def no_script_form_param(self, param, default=None, value=None):
+def no_script_form_param(self, param, value):
 """ensure there is no script in a user form param
 by default return a cleaned string instead of raising a security
 exception
 this method should be called on every user input (form at least) fields
 that are at some point inserted in a generated html page to protect
 against script kiddies
 """
-if value is None:
+# safety belt for strange urls like http://...?vtitle=yo&vtitle=yo
-value = self.form.get(param, default)
+if isinstance(value, (list, tuple)):
-if not value is default and value:
+self.error('no_script_form_param got a list (%s). Who generated the URL ?',
-# safety belt for strange urls like http://...?vtitle=yo&vtitle=yo
+repr(value))
-if isinstance(value, (list, tuple)):
+value = value[0]
-self.error('no_script_form_param got a list (%s). Who generated the URL ?',
+return remove_html_tags(value)
-repr(value))
-value = value[0]
-return remove_html_tags(value)
-return value
 def list_form_param(self, param, form=None, pop=False):
 """get param from form parameters and return its value as a list,
 skipping internal markers if any
 self.html_headers = HTMLHead()
 return self
 # web state helpers #######################################################
+@property
+def message(self):
+try:
+return self.get_session_data(self._msgid, default=u'', pop=True)
+except AttributeError:
+try:
+return self._msg
+except AttributeError:
+return None
 def set_message(self, msg):
 assert isinstance(msg, unicode)
-self.message = msg
+self._msg = msg
+def set_message_id(self, msgid):
+self._msgid = msgid
+@cached
+def redirect_message_id(self):
+return make_uid()
+def set_redirect_message(self, msg):
+assert isinstance(msg, unicode)
+msgid = self.redirect_message_id()
+self.set_session_data(msgid, msg)
+return msgid
+def append_to_redirect_message(self, msg):
+msgid = self.redirect_message_id()
+currentmsg = self.get_session_data(msgid)
+if currentmsg is not None:
+currentmsg = '%s %s' % (currentmsg, msg)
+else:
+currentmsg = msg
+self.set_session_data(msgid, currentmsg)
+return msgid
+def reset_message(self):
+if hasattr(self, '_msg'):
+del self._msg
+if hasattr(self, '_msgid'):
+del self._msgid
 def update_search_state(self):
 """update the current search state"""
 searchstate = self.form.get('__mode')
 if not searchstate and self.cnx is not None:

changeset 4897	e402e0b32075
parent 4851	e55bdd10421e
child 4899	c666d265fb95