Ejemplo n.º 1
0
def make_name(dataset, label):
    from openspending.lib.util import slugify
    from itertools import count
    name = name_orig = slugify(label)
    view = View.by_name(dataset, name)
    for i in count():
        if view is None:
            return name
        name = name_orig + str(i)
        view = View.by_name(dataset, name)
Ejemplo n.º 2
0
def make_name(dataset, label):
    from openspending.lib.util import slugify
    from itertools import count
    name = name_orig = slugify(label)
    view = View.by_name(dataset, name)
    for i in count():
        if view is None:
            return name
        name = name_orig + str(i)
        view = View.by_name(dataset, name)
Ejemplo n.º 3
0
def create_view(dataset, view_config):
    """
    Create view for a provided dataset from a view provided as dict
    """

    # Check if it exists (if not we create it)
    existing = View.by_name(dataset, view_config['name'])
    if existing is None:
        # Create the view
        view = View()

        # Set saved configurations
        view.widget = view_config['widget']
        view.state = view_config['state']
        view.name = view_config['name']
        view.label = view_config['label']
        view.description = view_config['description']
        view.public = view_config['public']
        
        # Set the dataset as the current dataset
        view.dataset = dataset

        # Try and set the account provided but if it doesn't exist
        # revert to shell account
        view.account = Account.by_name(view_config['account'])
        if view.account is None:
            view.account = shell_account()

        # Commit view to database
        db.session.add(view)
        db.session.commit()
Ejemplo n.º 4
0
    def update(self, dataset, name):
        """
        Update dataset. Does nothing at the moment.
        """
        # Get the dataset for the view
        self._get_dataset(dataset)

        # Get the named view
        view = View.by_name(c.dataset, name)
        # User must be allowed to update the named view
        require.view.update(c.dataset, view)

        # Possible update values
        # We don't update the view's name because it might have been embedded
        view.label = request.params.get('label', view.label)
        try:
            # Try to load the state
            view.state = json.loads(request.params['state'])
        except:
            pass
        view.description = request.params.get('description', view.description)

        # Commit the changes
        db.session.commit()

        # Redirect to the view page for this view
        redirect(h.url_for(controller='view', action='view',
                           dataset=c.dataset.name, name=view.name))
Ejemplo n.º 5
0
def create_view(dataset, view_config):
    """
    Create view for a provided dataset from a view provided as dict
    """

    # Check if it exists (if not we create it)
    existing = View.by_name(dataset, view_config['name'])
    if existing is None:
        # Create the view
        view = View()

        # Set saved configurations
        view.widget = view_config['widget']
        view.state = view_config['state']
        view.name = view_config['name']
        view.label = view_config['label']
        view.description = view_config['description']
        view.public = view_config['public']

        # Set the dataset as the current dataset
        view.dataset = dataset

        # Try and set the account provided but if it doesn't exist
        # revert to shell account
        view.account = Account.by_name(view_config['account'])
        if view.account is None:
            view.account = shell_account()

        # Commit view to database
        db.session.add(view)
        db.session.commit()
Ejemplo n.º 6
0
    def update(self, dataset, name):
        """
        Update dataset. Does nothing at the moment.
        """
        # Get the dataset for the view
        self._get_dataset(dataset)

        # Get the named view
        view = View.by_name(c.dataset, name)
        # User must be allowed to update the named view
        require.view.update(c.dataset, view)

        # Possible update values
        # We don't update the view's name because it might have been embedded
        view.label = request.params.get('label', view.label)
        try:
            # Try to load the state
            view.state = json.loads(request.params['state'])
        except:
            pass
        view.description = request.params.get('description', view.description)

        # Commit the changes
        db.session.commit()

        # Redirect to the view page for this view
        redirect(h.url_for(controller='view', action='view',
                           dataset=c.dataset.name, name=view.name))
Ejemplo n.º 7
0
 def test_delete(self):
     # TODO: Create the view using a fixture
     self.app.post(url(controller='view', action='create',
                                 dataset='cra'),
                     params={'widget': 'treemap',
                             'label': 'I am a banana!',
                             'state': '{"foo":"banana"}'},
                     extra_environ={'REMOTE_USER': '******'})
     response = self.app.delete(url(controller='view',
         action='delete', dataset='cra', name='i-am-a-banana'),
         extra_environ={'REMOTE_USER': '******'})
     dataset = Dataset.by_name('cra')
     view = View.by_name(dataset, 'i-am-a-banana')
     assert view is None
     assert '302' in response.status
Ejemplo n.º 8
0
 def test_delete(self):
     # TODO: Create the view using a fixture
     self.app.post(url(controller='view', action='create', dataset='cra'),
                   params={
                       'widget': 'treemap',
                       'label': 'I am a banana!',
                       'state': '{"foo":"banana"}'
                   },
                   extra_environ={'REMOTE_USER': '******'})
     response = self.app.delete(url(controller='view',
                                    action='delete',
                                    dataset='cra',
                                    name='i-am-a-banana'),
                                extra_environ={'REMOTE_USER': '******'})
     dataset = Dataset.by_name('cra')
     view = View.by_name(dataset, 'i-am-a-banana')
     assert view is None
     assert '302' in response.status
Ejemplo n.º 9
0
 def _get_named_view(self, dataset, name):
     self._get_dataset(dataset)
     c.named_view = View.by_name(c.dataset, name)
     if c.named_view is None:
         abort(404, _('Sorry, there is no view %r') % name)
     require.view.read(c.dataset, c.named_view)
Ejemplo n.º 10
0
    def test_update(self):
        """
        Test the update function of a view.
        """
        # Create the view (we do it via a controller but it would be
        # better to create it manually (or via a fixture)
        self.app.post(url(controller='view', action='create',
                          dataset='cra'),
                      params={'widget': 'treemap',
                              'label': 'I am a banana!',
                              'state': '{"foo":"banana"}'},
                      extra_environ={'REMOTE_USER': '******'})

        # Check whether a non-user can update the view
        response = self.app.post(url(controller='view', action='update',
                                     dataset='cra', name='i-am-a-banana'),
                                 params={'label': 'I am an apple',
                                         'state': '{"foo":"apple"}',
                                         'description': 'An apple!'},
                                 expect_errors=True)
        # The user should receive a 403 Forbidden (actually should get 401)
        assert '403' in response.status, \
            "A non-user was able to update a view"

        dataset = Dataset.by_name('cra')
        view = View.by_name(dataset, 'i-am-a-banana')
        assert view.label == 'I am a banana!', \
            "View's label was changed by a non-user"
        assert view.state['foo'] == 'banana', \
            "View's state was changed by a non-user"
        assert view.description is None, \
            "View's description was changed by a non-user"

        # Check whether an unauthorized user can update the view
        response = self.app.post(url(controller='view', action='update',
                                     dataset='cra', name='i-am-a-banana'),
                                 params={'label': 'I am an apple',
                                         'state': '{"foo":"apple"}',
                                         'description': 'An apple!'},
                                 expect_errors=True,
                                 extra_environ={'REMOTE_USER': '******'})
        # The user should receive a 403 (Forbidden)
        assert '403' in response.status, \
            "Unauthorized user was able to update a view"

        dataset = Dataset.by_name('cra')
        view = View.by_name(dataset, 'i-am-a-banana')
        assert view.label == 'I am a banana!', \
            "View's label was changed by an unauthorized user"
        assert view.state['foo'] == 'banana', \
            "View's state was changed by an unauthorized user"
        assert view.description is None, \
            "View's description was changed by an unauthorized user"

        # Check whether a managing user can update the view
        response = self.app.post(url(controller='view', action='update',
                                     dataset='cra', name='i-am-a-banana'),
                                 params={'label': 'I am an apple',
                                         'name': 'can-i-be-an-apple',
                                         'state': '{"foo":"apple"}',
                                         'description': 'An apple!'},
                                 extra_environ={'REMOTE_USER': '******'})

        dataset = Dataset.by_name('cra')
        view = View.by_name(dataset, 'i-am-a-banana')
        # Name cannot have been changed because the view might have been
        # embedded elsewhere (cannot be changed by params nor be re-slugified)
        assert view is not None, \
            "View's name was changed by update"
        assert view.label == 'I am an apple', \
            "View's label wasn't changed by the managing user"
        assert view.state['foo'] == 'apple', \
            "View's state wasn't changed by the managing user"
        assert view.description == 'An apple!', \
            "View's description wasn't changed by the managing user"
Ejemplo n.º 11
0
 def _get_named_view(self, dataset, name):
     self._get_dataset(dataset)
     c.named_view = View.by_name(c.dataset, name)
     if c.named_view is None:
         abort(404, _('Sorry, there is no view %r') % name)
     require.view.read(c.dataset, c.named_view)
Ejemplo n.º 12
0
    def test_update(self):
        """
        Test the update function of a view.
        """
        # Create the view (we do it via a controller but it would be
        # better to create it manually (or via a fixture)
        self.app.post(url(controller='view', action='create', dataset='cra'),
                      params={
                          'widget': 'treemap',
                          'label': 'I am a banana!',
                          'state': '{"foo":"banana"}'
                      },
                      extra_environ={'REMOTE_USER': '******'})

        # Check whether a non-user can update the view
        response = self.app.post(url(controller='view',
                                     action='update',
                                     dataset='cra',
                                     name='i-am-a-banana'),
                                 params={
                                     'label': 'I am an apple',
                                     'state': '{"foo":"apple"}',
                                     'description': 'An apple!'
                                 },
                                 expect_errors=True)
        # The user should receive a 403 Forbidden (actually should get 401)
        assert '403' in response.status, \
            "A non-user was able to update a view"

        dataset = Dataset.by_name('cra')
        view = View.by_name(dataset, 'i-am-a-banana')
        assert view.label == 'I am a banana!', \
            "View's label was changed by a non-user"
        assert view.state['foo'] == 'banana', \
            "View's state was changed by a non-user"
        assert view.description is None, \
            "View's description was changed by a non-user"

        # Check whether an unauthorized user can update the view
        response = self.app.post(url(controller='view',
                                     action='update',
                                     dataset='cra',
                                     name='i-am-a-banana'),
                                 params={
                                     'label': 'I am an apple',
                                     'state': '{"foo":"apple"}',
                                     'description': 'An apple!'
                                 },
                                 expect_errors=True,
                                 extra_environ={'REMOTE_USER': '******'})
        # The user should receive a 403 (Forbidden)
        assert '403' in response.status, \
            "Unauthorized user was able to update a view"

        dataset = Dataset.by_name('cra')
        view = View.by_name(dataset, 'i-am-a-banana')
        assert view.label == 'I am a banana!', \
            "View's label was changed by an unauthorized user"
        assert view.state['foo'] == 'banana', \
            "View's state was changed by an unauthorized user"
        assert view.description is None, \
            "View's description was changed by an unauthorized user"

        # Check whether a managing user can update the view
        response = self.app.post(url(controller='view',
                                     action='update',
                                     dataset='cra',
                                     name='i-am-a-banana'),
                                 params={
                                     'label': 'I am an apple',
                                     'name': 'can-i-be-an-apple',
                                     'state': '{"foo":"apple"}',
                                     'description': 'An apple!'
                                 },
                                 extra_environ={'REMOTE_USER': '******'})

        dataset = Dataset.by_name('cra')
        view = View.by_name(dataset, 'i-am-a-banana')
        # Name cannot have been changed because the view might have been
        # embedded elsewhere (cannot be changed by params nor be re-slugified)
        assert view is not None, \
            "View's name was changed by update"
        assert view.label == 'I am an apple', \
            "View's label wasn't changed by the managing user"
        assert view.state['foo'] == 'apple', \
            "View's state wasn't changed by the managing user"
        assert view.description == 'An apple!', \
            "View's description wasn't changed by the managing user"