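def authenticate(self):
    """Check the submitted credentials and start a logged-in session.

    Reads ``username`` and ``password`` from ``request.params``, hashes the
    password with ``User.hash`` and looks up the single ``User`` row that
    matches both. Any failure sets a flash message and redirects to
    ``/login``. On success the user is recorded in the session and the
    request is redirected to ``path_before_login`` if the session holds
    one, otherwise to ``/``.
    """
    try:
        username = request.params['username']
        password = User.hash(request.params['password'])
        # NOTE(review): comparing the hash by equality inside the query
        # implies User.hash is deterministic (no per-user salt); confirm,
        # and prefer a salted password KDF checked after loading the user.
        user = (
            Session.query(User)
            .filter(User.username == username)
            .filter(User.password == password)
            .one()
        )
    except Exception:
        # Fail closed: a missing parameter, or .one() not finding exactly
        # one row, is reported as a failed login. `Exception` instead of a
        # bare `except` so SystemExit/KeyboardInterrupt are not swallowed.
        # NOTE(review): database errors are also reported as a bad login
        # here; consider logging them so outages are not hidden.
        session['flash'] = 'Authentication Failed'
        session.save()
        return redirect('/login')

    # NOTE(review): the pre-login session is reused as-is; confirm the
    # session id is rotated on login so a fixed session cannot be inherited.
    session['user'] = {
        # Store the authenticated user's id; the original stored the
        # literal string 'user.id' and never used `user`.
        'id': user.id,
        # NOTE(review): literal placeholder kept byte-for-byte; it looks
        # redacted, so confirm the intended value.
        'username': '******'
    }
    session['flash'] = 'Successfully logged in'
    session.save()

    # NOTE(review): confirm path_before_login is only ever set to a local
    # path; otherwise this redirect can send users to another site.
    return redirect(session.get('path_before_login') or '/')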
def show(self, id, format='html'):
    """GET /pages/id: Show a specific item.

    Responds with 404 when no id is given or when no ``Page`` row has that
    id; otherwise renders ``/pages/show.html`` with the page in the
    template context. ``format`` is accepted but not used here.
    """
    # url('page', id=ID)
    if id is None:
        abort(404)

    record = Session.query(Page).filter_by(id=id).first()
    if record is None:
        abort(404)

    return render('/pages/show.html', {'page': record})
def edit(self, id, format='html'):
    """GET /pages/id/edit: Form to edit an existing item.

    Without an id the request is redirected to ``/pages/new``; an id with
    no matching ``Page`` row gives a 404. Otherwise ``page_form`` is bound
    to the page and rendered into ``pages/edit.html``. ``format`` is
    accepted but not used here.
    """
    # url('edit_page', id=ID)
    if id is None:
        # redirect() is expected to raise here; `page` would be unbound
        # below if it returned normally.
        redirect('/pages/new')
    else:
        page = Session.query(Page).filter_by(id=id).first()
        if page is None:
            abort(404)

    bound_form = page_form.bind(page)
    return render('pages/edit.html', {
        'page_form': bound_form.render(),
        'page': page,
    })
def delete(self, id):
    """DELETE /pages/id: Delete an existing item.

    Responds with 404 when no id is given or the page does not exist. If
    the request carries ``_method=DELETE`` the page is deleted and the
    change committed; otherwise the template is rendered with the id so
    the deletion can be confirmed.
    """
    # Forms posted to this method should contain a hidden field:
    #    <input type="hidden" name="_method" value="DELETE" />
    # Or using helpers:
    #    h.form(url('page', id=ID),
    #           method='delete')
    # url('page', id=ID)
    if id is None:
        abort(404)

    target = Session.query(Page).filter_by(id=id).first()
    if target is None:
        abort(404)

    # NOTE(review): if `request` is a WebOb/Pylons request, `params` merges
    # the query string with the body, so the marker is not limited to
    # posted forms. Confirm routing restricts this action to POST/DELETE
    # and that login and CSRF checks are enforced elsewhere; none are
    # visible in this method.
    confirmed = request.params.get('_method') == 'DELETE'
    if not confirmed:
        return render('pages/delete.html', {'id': id})

    Session.delete(target)
    Session.commit()
    return render('pages/delete.html', {'confirm': True})
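def update(self, id):
    """PUT /pages/id: Update an existing item.

    Responds with 404 when no id is given or the page does not exist.
    Binds ``page_form`` to the page and the posted data; when data was
    posted and validates, the form is synced to the page, the change is
    committed and the request is redirected to the page's show URL.
    Otherwise the edit template is rendered again with the bound form.
    """
    # Forms posted to this method should contain a hidden field:
    #    <input type="hidden" name="_method" value="PUT" />
    # Or using helpers:
    #    h.form(url('page', id=ID),
    #           method='put')
    # url('page', id=ID)
    if id is None:
        # The original skipped the lookup for a missing id and then used
        # an unbound `page` (an unhandled error). Answer 404 instead, as
        # show() and delete() do.
        abort(404)

    page = Session.query(Page).filter_by(id=id).first()
    if page is None:
        abort(404)

    # NOTE(review): no login or CSRF check is visible in this method;
    # confirm both are enforced elsewhere before the write below.
    edit_form = page_form.bind(page, data=request.POST)
    if request.POST and edit_form.validate():
        edit_form.sync()
        Session.commit()
        redirect('/pages/show/%s' % id)

    # NOTE(review): edit() passes the rendered form to the same template
    # as 'page_form' while this passes 'edit_form'; confirm which key
    # pages/edit.html reads.
    context = {
        'edit_form': edit_form.render(),
        'page': page
    }
    return render('pages/edit.html', context)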