class Form(view.View): """A form """ interface.implements(IForm, IInputForm) fields = Fieldset() buttons = None #: Form label label = None #: Form description description = "" #: Form prefix, it used for html elements `id` generations. prefix = "form." #: Instance of py:class:`memphis.form.Actions` class actions = None #: Instance of py:class:`FormWidgets` class widgets = None #: Form content, it should be `None` or dictionary with data for fields. content = None #: Form mode. It can be py:data::`memphis.form.FORM_INPUT` or #: py:data::`memphis.form.FORM_DISPLAY` mode = FORM_INPUT method = "post" enctype = "multipart/form-data" accept = None acceptCharset = None csrf = False csrfname = "csrf-token" params = UnicodeMultiDict(MultiDict({}), "utf-8") def __init__(self, context, request): super(Form, self).__init__(context, request) if self.buttons is None: self.buttons = Buttons() @reify def action(self): return self.request.url @reify def name(self): return self.prefix.strip(".") @reify def id(self): return self.name.replace(".", "-") def getContent(self): return self.content def getParams(self): if self.method == "post": return self.request.POST elif self.method == "get": return self.request.GET elif self.method == "params": return self.params else: return self.params def updateWidgets(self): self.widgets = FormWidgets(self.fields, self, self.request) self.widgets.mode = self.mode self.widgets.update() def updateActions(self): self.actions = Actions(self, self.request) self.actions.update() @property def token(self): if CSRF is not None: return CSRF.generate(self.tokenData) @reify def tokenData(self): return "%s.%s:%s" % (self.__module__, self.__class__.__name__, security.authenticated_userid(self.request)) def validate(self, data, errors): self.validateToken() def validateToken(self): # check csrf token if self.csrf: token = self.getParams().get(self.csrfname, None) if token is not None: if CSRF is not None: if CSRF.get(token) == self.tokenData: return raise HTTPForbidden("Form authenticator is not found.") def extract(self): return self.widgets.extract() def update(self): self.updateWidgets() self.updateActions() self.actions.execute() def render(self): if self.template is None: return self.pagelet(FORM_VIEW, self) kwargs = {"view": self, "context": self.context, "request": self.request} return self.template(**kwargs)
def updateActions(self): self.actions = Actions(self, self.request) self.actions.update()