def update_actions(self):
""" Prepare form actions, this method should be called directly.
``Form.update`` calls this method during initialization."""
self.actions = Actions(self, self.request)
self.actions.update()
def _makeOne(self, form, request):
from ptah.form.button import Actions
return Actions(form, request)
class Form(view.View):
"""A form
"""
fields = Fieldset()
buttons = None
#: Form label
label = None
#: Form description
description = ''
#: Form prefix, it used for html elements `id` generations.
prefix = 'form.'
#: Instance of py:class:`ptah.form.Actions` class
actions = None
#: Instance of py:class:`FormWidgets` class
widgets = None
#: Form content, it should be `None` or dictionary with data for fields.
content = None
#: Form mode. It can be py:data::`ptah.form.FORM_INPUT` or
#: py:data::`ptah.form.FORM_DISPLAY`
mode = FORM_INPUT
method = 'post'
enctype = 'multipart/form-data'
accept = None
acceptCharset = None
csrf = False
csrfname = 'csrf-token'
params = MultiDict({})
def __init__(self, context, request):
super(Form, self).__init__(context, request)
if self.buttons is None:
self.buttons = Buttons()
@reify
def action(self):
return self.request.url
@reify
def name(self):
return self.prefix.strip('.')
@reify
def id(self):
return self.name.replace('.', '-')
def form_content(self):
return self.content
def form_params(self):
if self.method == 'post':
return self.request.POST
elif self.method == 'get':
return self.request.GET
elif self.method == 'params':
return self.params
else:
return self.params
def update_widgets(self):
self.widgets = FormWidgets(self.fields, self, self.request)
self.widgets.mode = self.mode
self.widgets.update()
def update_actions(self):
self.actions = Actions(self, self.request)
self.actions.update()
@property
def token(self):
if CSRF is not None:
return CSRF.generate(self.tokenData)
@reify
def tokenData(self):
return '%s.%s:%s'%(self.__module__,self.__class__.__name__,
security.authenticated_userid(self.request))
def validate(self, data, errors):
self.validate_csrf_token()
def validate_csrf_token(self):
# check csrf token
if self.csrf:
token = self.form_params().get(self.csrfname, None)
if token is not None:
if CSRF is not None:
if CSRF.get(token) == self.tokenData:
return
raise HTTPForbidden("Form authenticator is not found.")
def extract(self):
return self.widgets.extract()
def update(self):
self.update_widgets()
self.update_actions()
self.actions.execute()
def render(self):
if self.template is None:
return self.snippet(FORM_VIEW, self)
kwargs = {'view': self,
'context': self.context,
'request': self.request}
return self.template(**kwargs)
class Form(ptah.View):
""" A form
``id``: Form id
``name``: Form name
``label``: Form label
``description``: Form description
``prefix``: Form prefix, it used for html elements `id` generations.
``fields``: Form fields :py:class:`ptah.form.Fieldset`
``buttons``: Form buttons :py:class:`ptah.form.Buttons`
``actions``: Instance of :py:class:`ptah.form.Actions` class
``widgets``: Instance of :py:class:`FormWidgets` class
``content``: Form content, it should be `None` or dictionary with
data for fields.
``params``: None
``mode``: Form mode. It can be :py:data:`ptah.form.FORM_INPUT` or
:py:data:`ptah.form.FORM_DISPLAY`
``action``: Form action, by default ``request.url``
``method``: HTML Form method (`post`, `get`)
``csrf``: Enable/disable form csrf protection
``token``: csrf token
``csrf-name``: csrf field name
"""
fields = Fieldset()
buttons = None
label = None
description = ''
prefix = 'form.'
actions = None
widgets = None
content = None
mode = FORM_INPUT
method = 'post'
enctype = 'multipart/form-data'
accept = None
acceptCharset = None
params = None
context = None
klass = 'form-horizontal'
csrf = False
csrfname = 'csrf-token'
__view_mapper__ = FormViewMapper
def __init__(self, context, request):
super(Form, self).__init__(context, request)
if self.buttons is None:
self.buttons = Buttons()
@reify
def action(self):
return self.request.url
@reify
def name(self):
return self.prefix.strip('.')
@reify
def id(self):
return self.name.replace('.', '-')
def form_content(self):
""" Return form content.
By default it returns ``Form.content`` attribute. """
return self.content
def form_params(self):
""" get request params """
if self.params is not None:
if not isinstance(self.params, MultiDict):
return MultiDict(self.params)
return self.params
if self.method == 'post':
return self.request.POST
elif self.method == 'get':
return self.request.GET
else:
return self.params
def update_widgets(self):
""" prepare form widgets """
self.widgets = FormWidgets(self.fields, self, self.request)
self.widgets.mode = self.mode
self.widgets.update()
def update_actions(self):
""" Prepare form actions, this method should be called directly.
``Form.update`` calls this method during initialization."""
self.actions = Actions(self, self.request)
self.actions.update()
@property
def token(self):
return self.request.session.get_csrf_token()
def validate(self, data, errors):
""" additional form validation """
self.validate_csrf_token()
def validate_csrf_token(self):
""" csrf token validation """
if self.csrf:
token = self.form_params().get(self.csrfname, None)
if token is not None:
if self.token == token:
return
raise HTTPForbidden("Form authenticator is not found.")
def extract(self):
""" extract form values """
return self.widgets.extract()
def update(self, **data):
""" update form """
if not self.content and data:
self.content = data
self.update_widgets()
self.update_actions()
return self.actions.execute()
def render(self):
""" render form """
return self.snippet(FORM_VIEW, self)
def render_update(self):
result = self.update()
if result is None:
result = {}
return result
def __call__(self):
""" update form and render form to response """
result = self.update()
response = self.request.registry.queryAdapterOrSelf(result, IResponse)
if response is not None:
return response
response = self.request.response
body = self.render()
if isinstance(body, bytes):
response.body = body # pragma: no cover
else:
response.text = body
return response
def update_actions(self):
self.actions = Actions(self, self.request)
self.actions.update()
def update_actions(self):
self.actions = Actions(self, self.request)
self.actions.update()
class Form(ptah.View):
""" A form """
fields = Fieldset()
buttons = None
#: Form label
label = None
#: Form description
description = ''
#: Form prefix, it used for html elements `id` generations.
prefix = 'form.'
#: Instance of py:class:`ptah.form.Actions` class
actions = None
#: Instance of py:class:`FormWidgets` class
widgets = None
#: Form content, it should be `None` or dictionary with data for fields.
content = None
#: Form mode. It can be py:data::`ptah.form.FORM_INPUT` or
#: py:data::`ptah.form.FORM_DISPLAY`
mode = FORM_INPUT
method = 'post'
enctype = 'multipart/form-data'
accept = None
acceptCharset = None
csrf = False
csrfname = 'csrf-token'
params = MultiDict({})
__view_mapper__ = FormViewMapper
def __init__(self, context, request):
super(Form, self).__init__(context, request)
if self.buttons is None:
self.buttons = Buttons()
@reify
def action(self):
return self.request.url
@reify
def name(self):
return self.prefix.strip('.')
@reify
def id(self):
return self.name.replace('.', '-')
def form_content(self):
return self.content
def form_params(self):
if self.method == 'post':
return self.request.POST
elif self.method == 'get':
return self.request.GET
elif self.method == 'params':
return self.params
else:
return self.params
def update_widgets(self):
self.widgets = FormWidgets(self.fields, self, self.request)
self.widgets.mode = self.mode
self.widgets.update()
def update_actions(self):
self.actions = Actions(self, self.request)
self.actions.update()
@property
def token(self):
return self.request.session.get_csrf_token()
def validate(self, data, errors):
self.validate_csrf_token()
def validate_csrf_token(self):
# check csrf token
if self.csrf:
token = self.form_params().get(self.csrfname, None)
if token is not None:
if self.token == token:
return
raise HTTPForbidden("Form authenticator is not found.")
def extract(self):
return self.widgets.extract()
def update(self, **data):
if not self.content and data:
self.content = data
self.update_widgets()
self.update_actions()
return self.actions.execute()
def render(self):
return self.snippet(FORM_VIEW, self)
def render_update(self):
result = self.update()
if result is None:
result = {}
return result
def __call__(self):
result = self.update()
response = self.request.registry.queryAdapterOrSelf(result, IResponse)
if response is not None:
return response
response = self.request.response
body = self.render()
if isinstance(body, bytes):
response.body = body # pragma: no cover
else:
response.text = body
return response
def update_actions(self):
""" Prepare form actions, this method should be called directly.
``Form.update`` calls this method during initialization."""
self.actions = Actions(self, self.request)
self.actions.update()
class Form(object):
""" A form
``id``: Form id
``name``: Form name
``label``: Form label
``description``: Form description
``prefix``: Form prefix, it used for html elements `id` generations.
``fields``: Form fields :py:class:`ptah.form.Fieldset`
``buttons``: Form buttons :py:class:`ptah.form.Buttons`
``actions``: Instance of :py:class:`ptah.form.Actions` class
``widgets``: Instance of :py:class:`FormWidgets` class
``content``: Form content, it should be `None` or dictionary with
data for fields.
``params``: Form request parameters
``action``: Form action, by default ``request.url``
``method``: HTML Form method (`post`, `get`)
``csrf``: Enable/disable form csrf protection
``csrf_name``: Form csrf field name
``csrf_token``: Form csrf token value
"""
label = None
description = ''
prefix = 'form.'
actions = None
widgets = None
buttons = None
fields = Fieldset()
content = None
method = 'post'
enctype = 'multipart/form-data'
accept = None
accept_charset = 'utf-8'
params = None
context = None
klass = 'form-horizontal'
csrf = False
csrf_name = 'csrf-token'
csrf_token = ''
tmpl_view = 'form:form'
tmpl_actions = 'form:form-actions'
tmpl_widget = 'form:widget'
__name__ = ''
__parent__ = None
__view_mapper__ = FormViewMapper
def __init__(self, context, request, **kw):
self.__dict__.update(kw)
self.context = context
self.request = request
self.__parent__ = context
if self.buttons is None:
self.buttons = Buttons()
# convert fields to Fieldset
if not isinstance(self.fields, Fieldset):
self.fields = Fieldset(*self.fields)
# set tmpl_widget
for fieldset in self.fields.fieldsets():
for field in fieldset.fields():
if field.cls.tmpl_widget is None:
field.cls.tmpl_widget = self.tmpl_widget
@reify
def id(self):
return self.name.replace('.', '-')
@reify
def name(self):
return self.prefix.strip('.')
@reify
def action(self):
return self.request.url
@reify
def csrf_token(self):
return self.request.session.get_csrf_token()
def form_content(self):
""" Return form content.
By default it returns ``Form.content`` attribute. """
return self.content
def form_params(self):
""" get form request params """
if self.params is not None:
if not isinstance(self.params, MultiDict):
return MultiDict(self.params)
return self.params
if self.method == 'post':
return self.request.POST
elif self.method == 'get':
return self.request.GET
else:
return self.params
def update_widgets(self):
""" prepare form widgets """
self.widgets = FormWidgets(self.fields, self, self.request)
self.widgets.update()
def update_actions(self):
""" Prepare form actions, this method should be called directly.
``Form.update`` calls this method during initialization."""
self.actions = Actions(self, self.request)
self.actions.update()
def update_form(self, data=None):
""" update form """
if not self.content and data:
self.content = data
self.update_widgets()
self.update_actions()
ac_result = self.actions.execute()
if IResponse.providedBy(ac_result):
raise HTTPResponseIsReady(ac_result)
result = self.update()
if IResponse.providedBy(result):
raise HTTPResponseIsReady(result)
if result is None:
result = {}
if ac_result is not None:
result.update(ac_result)
return result
def update(self):
""" Update form """
return {}
def render(self):
""" render form """
return render(self.request,
self.tmpl_view,
self,
actions=self.actions,
widgets=self.widgets)
def validate(self, data, errors):
""" Custom form validation """
def validate_form(self, data, errors):
""" Form validation """
self.validate_csrf_token()
try:
self.validate(data, errors)
except Invalid as err:
errors.append(err)
def validate_csrf_token(self):
""" csrf token validation """
if self.csrf:
token = self.form_params().get(self.csrf_name, None)
if token is not None:
if self.csrf_token == token:
return
raise HTTPForbidden("Form authenticator is not found.")
def extract(self):
""" extract form values """
return self.widgets.extract()
def add_error_message(self, msg):
""" add form error message """
add_message(self.request, msg, 'form:error')
def __call__(self):
""" update form and render form to response """
try:
result = self.update_form()
except HTTPResponseIsReady as result:
return result.args[0]
except HTTPException as result:
return result
response = self.request.registry.queryAdapterOrSelf(result, IResponse)
if response is not None:
return response
body = self.render()
response = self.request.response
if isinstance(body, bytes):
response.body = body
else:
response.text = body
return response
class Form(ptah.View):
""" A form """
fields = Fieldset()
buttons = None
#: Form label
label = None
#: Form description
description = ''
#: Form prefix, it used for html elements `id` generations.
prefix = 'form.'
#: Instance of py:class:`ptah.form.Actions` class
actions = None
#: Instance of py:class:`FormWidgets` class
widgets = None
#: Form content, it should be `None` or dictionary with data for fields.
content = None
#: Form mode. It can be py:data::`ptah.form.FORM_INPUT` or
#: py:data::`ptah.form.FORM_DISPLAY`
mode = FORM_INPUT
method = 'post'
enctype = 'multipart/form-data'
accept = None
acceptCharset = None
csrf = False
csrfname = 'csrf-token'
params = MultiDict({})
__view_mapper__ = FormViewMapper
def __init__(self, context, request):
super(Form, self).__init__(context, request)
if self.buttons is None:
self.buttons = Buttons()
@reify
def action(self):
return self.request.url
@reify
def name(self):
return self.prefix.strip('.')
@reify
def id(self):
return self.name.replace('.', '-')
def form_content(self):
return self.content
def form_params(self):
if self.method == 'post':
return self.request.POST
elif self.method == 'get':
return self.request.GET
elif self.method == 'params':
return self.params
else:
return self.params
def update_widgets(self):
self.widgets = FormWidgets(self.fields, self, self.request)
self.widgets.mode = self.mode
self.widgets.update()
def update_actions(self):
self.actions = Actions(self, self.request)
self.actions.update()
@property
def token(self):
return self.request.session.get_csrf_token()
def validate(self, data, errors):
self.validate_csrf_token()
def validate_csrf_token(self):
# check csrf token
if self.csrf:
token = self.form_params().get(self.csrfname, None)
if token is not None:
if self.token == token:
return
raise HTTPForbidden("Form authenticator is not found.")
def extract(self):
return self.widgets.extract()
def update(self, **data):
if not self.content and data:
self.content = data
self.update_widgets()
self.update_actions()
return self.actions.execute()
def render(self):
return self.snippet(FORM_VIEW, self)
def render_update(self):
result = self.update()
if result is None:
result = {}
return result
def __call__(self):
result = self.update()
response = self.request.registry.queryAdapterOrSelf(result, IResponse)
if response is not None:
return response
response = self.request.response
body = self.render()
if isinstance(body, bytes):
response.body = body # pragma: no cover
else:
response.text = body
return response
class Form(object):
""" A form
``id``: Form id
``name``: Form name
``label``: Form label
``description``: Form description
``prefix``: Form prefix, it used for html elements `id` generations.
``fields``: Form fields :py:class:`ptah.form.Fieldset`
``buttons``: Form buttons :py:class:`ptah.form.Buttons`
``actions``: Instance of :py:class:`ptah.form.Actions` class
``widgets``: Instance of :py:class:`FormWidgets` class
``content``: Form content, it should be `None` or dictionary with
data for fields.
``params``: Form request parameters
``action``: Form action, by default ``request.url``
``method``: HTML Form method (`post`, `get`)
``csrf``: Enable/disable form csrf protection
``csrf_name``: Form csrf field name
``csrf_token``: Form csrf token value
"""
label = None
description = ''
prefix = 'form.'
actions = None
widgets = None
buttons = None
fields = Fieldset()
content = None
method = 'post'
enctype = 'multipart/form-data'
accept = None
accept_charset = 'utf-8'
params = None
context = None
klass = 'form-horizontal'
csrf = False
csrf_name = 'csrf-token'
csrf_token = ''
tmpl_view = 'form:form'
tmpl_actions = 'form:form-actions'
tmpl_widget = 'form:widget'
__name__ = ''
__parent__ = None
__view_mapper__ = FormViewMapper
def __init__(self, context, request, **kw):
self.__dict__.update(kw)
self.context = context
self.request = request
self.__parent__ = context
if self.buttons is None:
self.buttons = Buttons()
# convert fields to Fieldset
if not isinstance(self.fields, Fieldset):
self.fields = Fieldset(*self.fields)
# set tmpl_widget
for fieldset in self.fields.fieldsets():
for field in fieldset.fields():
if field.cls.tmpl_widget is None:
field.cls.tmpl_widget = self.tmpl_widget
@reify
def id(self):
return self.name.replace('.', '-')
@reify
def name(self):
return self.prefix.strip('.')
@reify
def action(self):
return self.request.url
@reify
def csrf_token(self):
return self.request.session.get_csrf_token()
def form_content(self):
""" Return form content.
By default it returns ``Form.content`` attribute. """
return self.content
def form_params(self):
""" get form request params """
if self.params is not None:
if not isinstance(self.params, MultiDict):
return MultiDict(self.params)
return self.params
if self.method == 'post':
return self.request.POST
elif self.method == 'get':
return self.request.GET
else:
return self.params
def update_widgets(self):
""" prepare form widgets """
self.widgets = FormWidgets(self.fields, self, self.request)
self.widgets.update()
def update_actions(self):
""" Prepare form actions, this method should be called directly.
``Form.update`` calls this method during initialization."""
self.actions = Actions(self, self.request)
self.actions.update()
def update_form(self, data=None):
""" update form """
if not self.content and data:
self.content = data
self.update_widgets()
self.update_actions()
ac_result = self.actions.execute()
if IResponse.providedBy(ac_result):
raise HTTPResponseIsReady(ac_result)
result = self.update()
if IResponse.providedBy(result):
raise HTTPResponseIsReady(result)
if result is None:
result = {}
if ac_result is not None:
result.update(ac_result)
return result
def update(self):
""" Update form """
return {}
def render(self):
""" render form """
return render(self.request, self.tmpl_view, self,
actions = self.actions,
widgets = self.widgets)
def validate(self, data, errors):
""" Custom form validation """
def validate_form(self, data, errors):
""" Form validation """
self.validate_csrf_token()
try:
self.validate(data, errors)
except Invalid as err:
errors.append(err)
def validate_csrf_token(self):
""" csrf token validation """
if self.csrf:
token = self.form_params().get(self.csrf_name, None)
if token is not None:
if self.csrf_token == token:
return
raise HTTPForbidden("Form authenticator is not found.")
def extract(self):
""" extract form values """
return self.widgets.extract()
def add_error_message(self, msg):
""" add form error message """
add_message(self.request, msg, 'form:error')
def __call__(self):
""" update form and render form to response """
try:
result = self.update_form()
except HTTPResponseIsReady as result:
return result.args[0]
except HTTPException as result:
return result
response = self.request.registry.queryAdapterOrSelf(result, IResponse)
if response is not None:
return response
body = self.render()
response = self.request.response
if isinstance(body, bytes):
response.body = body
else:
response.text = body
return response
