doc/book/en/devweb/request.rst
author Julien Cristau <julien.cristau@logilab.fr>
Tue, 11 Mar 2014 15:56:05 +0100
changeset 9580 abaae1496ba4
parent 9183 95e69c2d52a9
child 10222 75d6096216d7
permissions -rw-r--r--
[book] Update documentation for new repoapi Quite a few things change in 3.19: - repoapi instead of dbapi - ClientConnection / Connection / Session rework - web authentication process - test APIs Closes #3638793

The `Request` class (`cubicweb.web.request`)
--------------------------------------------

Overview
````````

A request instance is created when an HTTP request is sent to the web
server.  It contains informations such as form parameters,
authenticated user, etc. It is a very prevalent object and is used
throughout all of the framework and applications, as you'll access to
almost every resources through it.

**A request represents a user query, either through HTTP or not (we
also talk about RQL queries on the server side for example).**

Here is a non-exhaustive list of attributes and methods available on
request objects (grouped by category):

* `Browser control`:

  * `ie_browser`: tells if the browser belong to the Internet Explorer
    family

* `User and identification`:

  * `user`, instance of `cubicweb.entities.authobjs.CWUser` corresponding to the
    authenticated user

* `Session data handling`

  * `session.data` is the dictionary of the session data; it can be
    manipulated like an ordinary Python dictionary

* `Edition` (utilities for edition control):

  * `cancel_edition`: resets error url and cleans up pending operations
  * `create_entity`: utility to create an entity (from an etype,
    attributes and relation values)
  * `datadir_url`: returns the url to the merged external resources
    (|cubicweb|'s `web/data` directory plus all `data` directories of
    used cubes)
  * `edited_eids`: returns the list of eids of entities that are
    edited under the current http request
  * `eid_rset(eid)`: utility which returns a result set from an eid
  * `entity_from_eid(eid)`: returns an entity instance from the given eid
  * `encoding`: returns the encoding of the current HTTP request
  * `ensure_ro_rql(rql)`: ensure some rql query is a data request
  * etype_rset
  * `form`, dictionary containing the values of a web form
  * `encoding`, character encoding to use in the response
  * `next_tabindex()`: returns a monotonically growing integer used to
    build the html tab index of forms

* `HTTP`

  * `authmode`: returns a string describing the authentication mode
    (http, cookie, ...)
  * `lang`: returns the user agents/browser's language as carried by
    the http request
  * `demote_to_html()`: in the context of an XHTML compliant browser,
    this will force emission of the response as an HTML document
    (using the http content negociation)

*  `Cookies handling`

  * `get_cookie()`, returns a dictionary containing the value of the header
    HTTP 'Cookie'
  * `set_cookie(cookie, key, maxage=300)`, adds a header HTTP `Set-Cookie`,
    with a minimal 5 minutes length of duration by default (`maxage` = None
    returns a *session* cookie which will expire when the user closes the browser
    window)
  * `remove_cookie(cookie, key)`, forces a value to expire

* `URL handling`

  * `build_url(__vid, *args, **kwargs)`: return an absolute URL using
    params dictionary key/values as URL parameters. Values are
    automatically URL quoted, and the publishing method to use may be
    specified or will be guessed.
  * `build_url_params(**kwargs)`: returns a properly prepared (quoted,
    separators, ...) string from the given parameters
  * `url()`, returns the full URL of the HTTP request
  * `base_url()`, returns the root URL of the web application
  * `relative_path()`, returns the relative path of the request

* `Web resource (.css, .js files, etc.) handling`:

  * `add_css(cssfiles)`: adds the given list of css resources to the current
    html headers
  * `add_js(jsfiles)`: adds the given list of javascript resources to the
    current html headers
  * `add_onload(jscode)`: inject the given jscode fragment (an unicode
    string) into the current html headers, wrapped inside a
    document.ready(...) or another ajax-friendly one-time trigger event
  * `add_header(header, values)`: adds the header/value pair to the
    current html headers
  * `status_out`: control the HTTP status of the response

* `And more...`

  * `set_content_type(content_type, filename=None)`, adds the header HTTP
    'Content-Type'
  * `get_header(header)`, returns the value associated to an arbitrary header
    of the HTTP request
  * `set_header(header, value)`, adds an arbitrary header in the response
  * `execute(*args, **kwargs)`, executes an RQL query and return the result set
  * `property_value(key)`, properties management (`CWProperty`)
  * dictionary `data` to store data to share informations between components
    *while a request is executed*

Please note that this class is abstract and that a concrete implementation
will be provided by the *frontend* web used (in particular *twisted* as of
today). For the views or others that are executed on the server side,
most of the interface of `Request` is defined in the session associated
to the client.

API
```

The elements we gave in overview for above are built in three layers,
from ``cubicweb.req.RequestSessionBase``, ``cubicweb.repoapi.ClientConnection`` and
``cubicweb.web.ConnectionCubicWebRequestBase``.

.. autoclass:: cubicweb.req.RequestSessionBase
   :members:

.. autoclass:: cubicweb.repoapi.ClientConnection
   :members:

.. autoclass:: cubicweb.web.request.ConnectionCubicWebRequestBase
   :members: