def make_name(dataset, label): from openspending.lib.util import slugify from itertools import count name = name_orig = slugify(label) view = View.by_name(dataset, name) for i in count(): if view is None: return name name = name_orig + str(i) view = View.by_name(dataset, name)
def update(self, dataset, name): """ Update dataset. Does nothing at the moment. """ # Get the dataset for the view self._get_dataset(dataset) # Get the named view view = View.by_name(c.dataset, name) # User must be allowed to update the named view require.view.update(c.dataset, view) # Possible update values # We don't update the view's name because it might have been embedded view.label = request.params.get('label', view.label) try: # Try to load the state view.state = json.loads(request.params['state']) except: pass view.description = request.params.get('description', view.description) # Commit the changes db.session.commit() # Redirect to the view page for this view redirect(h.url_for(controller='view', action='view', dataset=c.dataset.name, name=view.name))
def index(self, dataset, format='html'): self._get_dataset(dataset) handle_request(request, c, c.dataset) c.views = View.all_by_dataset(c.dataset) if format == 'json': return to_jsonp([v.as_dict() for v in c.views]) else: return templating.render('view/index.html')
def create(self, dataset): self._get_dataset(dataset) require.view.create(c.dataset) handle_request(request, c, c.dataset) try: data = CreateView().deserialize(request.params) view = View(c.dataset, c.account, data['widget'], data['state']) view.name = make_name(c.dataset, data['label']) view.label = data['label'] view.description = data['description'] view.public = True db.session.add(view) db.session.commit() redirect(h.url_for(controller='view', action='view', dataset=c.dataset.name, name=view.name)) except colander.Invalid as inv: return self.new(dataset, errors=inv.asdict())
def create(self, dataset): self._get_dataset(dataset) require.view.create(c.dataset) handle_request(request, c, c.dataset) try: data = CreateView().deserialize(request.params) view = View() view.dataset = c.dataset view.account = c.account view.widget = data['widget'] view.state = data['state'] view.name = make_name(c.dataset, data['label']) view.label = data['label'] view.description = data['description'] view.public = True db.session.add(view) db.session.commit() redirect( h.url_for(controller='view', action='view', dataset=c.dataset.name, name=view.name)) except colander.Invalid as inv: return self.new(dataset, errors=inv.asdict())
def test_delete(self): # TODO: Create the view using a fixture self.app.post(url(controller='view', action='create', dataset='cra'), params={'widget': 'treemap', 'label': 'I am a banana!', 'state': '{"foo":"banana"}'}, extra_environ={'REMOTE_USER': '******'}) response = self.app.delete(url(controller='view', action='delete', dataset='cra', name='i-am-a-banana'), extra_environ={'REMOTE_USER': '******'}) dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') assert view is None assert '302' in response.status
def sitemap(self, dataset): self._get_dataset(dataset) pages = [] for action in ['view', 'about']: pages.append({ 'loc': h.url_for(controller='dataset', action=action, dataset=c.dataset.name, qualified=True), 'lastmod': c.dataset.updated_at, 'priority': 0.8}) for view in View.all_by_dataset(c.dataset): pages.append({ 'loc': h.url_for(controller='view', action='view', dataset=dataset, name=view.name, qualified=True), 'lastmod': view.updated_at }) return sitemap(pages)
def test_delete(self): # TODO: Create the view using a fixture self.app.post(url(controller='view', action='create', dataset='cra'), params={ 'widget': 'treemap', 'label': 'I am a banana!', 'state': '{"foo":"banana"}' }, extra_environ={'REMOTE_USER': '******'}) response = self.app.delete(url(controller='view', action='delete', dataset='cra', name='i-am-a-banana'), extra_environ={'REMOTE_USER': '******'}) dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') assert view is None assert '302' in response.status
def sitemap(self, dataset): self._get_dataset(dataset) pages = [] for action in ["view", "about"]: pages.append( { "loc": h.url_for(controller="dataset", action=action, dataset=c.dataset.name, qualified=True), "lastmod": c.dataset.updated_at, "priority": 0.8, } ) for view in View.all_by_dataset(c.dataset): pages.append( { "loc": h.url_for(controller="view", action="view", dataset=dataset, name=view.name, qualified=True), "lastmod": view.updated_at, } ) return sitemap(pages)
def _get_named_view(self, dataset, name): self._get_dataset(dataset) c.named_view = View.by_name(c.dataset, name) if c.named_view is None: abort(404, _('Sorry, there is no view %r') % name) require.view.read(c.dataset, c.named_view)
def create_view(dataset, view_config): """ Create view for a provided dataset from a view provided as dict """ # Check if it exists (if not we create it) existing = View.by_name(dataset, view_config['name']) if existing is None: # Create the view view = View() # Set saved configurations view.widget = view_config['widget'] view.state = view_config['state'] view.name = view_config['name'] view.label = view_config['label'] view.description = view_config['description'] view.public = view_config['public'] # Set the dataset as the current dataset view.dataset = dataset # Try and set the account provided but if it doesn't exist # revert to shell account view.account = Account.by_name(view_config['account']) if view.account is None: view.account = shell_account() # Commit view to database db.session.add(view) db.session.commit()
def test_update(self): """ Test the update function of a view. """ # Create the view (we do it via a controller but it would be # better to create it manually (or via a fixture) self.app.post(url(controller='view', action='create', dataset='cra'), params={'widget': 'treemap', 'label': 'I am a banana!', 'state': '{"foo":"banana"}'}, extra_environ={'REMOTE_USER': '******'}) # Check whether a non-user can update the view response = self.app.post(url(controller='view', action='update', dataset='cra', name='i-am-a-banana'), params={'label': 'I am an apple', 'state': '{"foo":"apple"}', 'description': 'An apple!'}, expect_errors=True) # The user should receive a 403 Forbidden (actually should get 401) assert '403' in response.status, \ "A non-user was able to update a view" dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') assert view.label == 'I am a banana!', \ "View's label was changed by a non-user" assert view.state['foo'] == 'banana', \ "View's state was changed by a non-user" assert view.description is None, \ "View's description was changed by a non-user" # Check whether an unauthorized user can update the view response = self.app.post(url(controller='view', action='update', dataset='cra', name='i-am-a-banana'), params={'label': 'I am an apple', 'state': '{"foo":"apple"}', 'description': 'An apple!'}, expect_errors=True, extra_environ={'REMOTE_USER': '******'}) # The user should receive a 403 (Forbidden) assert '403' in response.status, \ "Unauthorized user was able to update a view" dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') assert view.label == 'I am a banana!', \ "View's label was changed by an unauthorized user" assert view.state['foo'] == 'banana', \ "View's state was changed by an unauthorized user" assert view.description is None, \ "View's description was changed by an unauthorized user" # Check whether a managing user can update the view response = self.app.post(url(controller='view', action='update', dataset='cra', name='i-am-a-banana'), params={'label': 'I am an apple', 'name': 'can-i-be-an-apple', 'state': '{"foo":"apple"}', 'description': 'An apple!'}, extra_environ={'REMOTE_USER': '******'}) dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') # Name cannot have been changed because the view might have been # embedded elsewhere (cannot be changed by params nor be re-slugified) assert view is not None, \ "View's name was changed by update" assert view.label == 'I am an apple', \ "View's label wasn't changed by the managing user" assert view.state['foo'] == 'apple', \ "View's state wasn't changed by the managing user" assert view.description == 'An apple!', \ "View's description wasn't changed by the managing user"
def test_update(self): """ Test the update function of a view. """ # Create the view (we do it via a controller but it would be # better to create it manually (or via a fixture) self.app.post(url(controller='view', action='create', dataset='cra'), params={ 'widget': 'treemap', 'label': 'I am a banana!', 'state': '{"foo":"banana"}' }, extra_environ={'REMOTE_USER': '******'}) # Check whether a non-user can update the view response = self.app.post(url(controller='view', action='update', dataset='cra', name='i-am-a-banana'), params={ 'label': 'I am an apple', 'state': '{"foo":"apple"}', 'description': 'An apple!' }, expect_errors=True) # The user should receive a 403 Forbidden (actually should get 401) assert '403' in response.status, \ "A non-user was able to update a view" dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') assert view.label == 'I am a banana!', \ "View's label was changed by a non-user" assert view.state['foo'] == 'banana', \ "View's state was changed by a non-user" assert view.description is None, \ "View's description was changed by a non-user" # Check whether an unauthorized user can update the view response = self.app.post(url(controller='view', action='update', dataset='cra', name='i-am-a-banana'), params={ 'label': 'I am an apple', 'state': '{"foo":"apple"}', 'description': 'An apple!' }, expect_errors=True, extra_environ={'REMOTE_USER': '******'}) # The user should receive a 403 (Forbidden) assert '403' in response.status, \ "Unauthorized user was able to update a view" dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') assert view.label == 'I am a banana!', \ "View's label was changed by an unauthorized user" assert view.state['foo'] == 'banana', \ "View's state was changed by an unauthorized user" assert view.description is None, \ "View's description was changed by an unauthorized user" # Check whether a managing user can update the view response = self.app.post(url(controller='view', action='update', dataset='cra', name='i-am-a-banana'), params={ 'label': 'I am an apple', 'name': 'can-i-be-an-apple', 'state': '{"foo":"apple"}', 'description': 'An apple!' }, extra_environ={'REMOTE_USER': '******'}) dataset = Dataset.by_name('cra') view = View.by_name(dataset, 'i-am-a-banana') # Name cannot have been changed because the view might have been # embedded elsewhere (cannot be changed by params nor be re-slugified) assert view is not None, \ "View's name was changed by update" assert view.label == 'I am an apple', \ "View's label wasn't changed by the managing user" assert view.state['foo'] == 'apple', \ "View's state wasn't changed by the managing user" assert view.description == 'An apple!', \ "View's description wasn't changed by the managing user"