def rest_create(request, callback=None):
"""Create a new item of type clazz. The item will be
initialised with the data provided in the submitted POST request.
The submitted data will be validated before the item is actually
saved. If the submission fails the item is not saved in the
database. In all cases the item is returned as JSON object with the
item and updated values back to the client. The JSON Response will
include further details on the reason why the validation failed.
:clazz: Class of item to create
:request: Current request
:returns: JSON object.
"""
clazz = request.context.__model__
# Create a new item.
factory = clazz.get_item_factory()
item = factory.create(request.user)
# Initialise the create form for the item to be able to validate the
# submitted data.
form = Form(get_form_config(item, 'create'),
item, request.db, translate=request.translate,
csrf_token=request.session.get_csrf_token())
if form.validate(request.params):
sitem = form.save()
return JSONResponse(True, sitem)
else:
# Validation fails! return item
return JSONResponse(False, sitem)
def login(request):
handle_history(request)
_ = request.translate
settings = request.registry.settings
config = Config(load(get_path_to_form_config('auth.xml', 'ringo')))
form_config = config.get_form('loginform')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
if request.POST:
form.validate(request.params)
username = form.data.get('login')
password = form.data.get('pass')
user = user_login(username, password)
if user is None:
msg = _("Login failed!")
request.session.flash(msg, 'error')
elif not user.activated:
msg = _("Login failed!")
request.session.flash(msg, 'error')
target_url = request.route_path('accountdisabled')
return HTTPFound(location=target_url)
else:
msg = _("Login was successfull")
request.session.flash(msg, 'success')
headers = remember(request, user.id)
target_url = request.route_path('home')
return HTTPFound(location=target_url, headers=headers)
return {'form': form.render(),
'registration_enabled': is_registration_enabled(settings),
'pwreminder_enabled': is_pwreminder_enabled(settings)}
def forgot_password(request):
settings = request.registry.settings
if not is_pwreminder_enabled(settings):
raise exc.exception_response(503)
handle_history(request)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('forgot_password')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
complete = False
if request.POST:
if form.validate(request.params):
username = form.data.get('login')
user = request_password_reset(username, request.db)
if user:
mailer = Mailer(request)
recipient = user.profile[0].email
token = user.reset_tokens[-1]
subject = _('Password reset request')
values = {'url': request.route_url('reset_password',
token=token),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'_': _}
mail = Mail([recipient],
subject,
template="password_reset_request",
values=values)
mailer.send(mail)
msg = _("Password reset token has been sent to the users "
"email address. Please check your email.")
request.session.flash(msg, 'success')
complete = True
return {'form': form.render(), 'complete': complete}
def removeaccount(request):
"""Method to remove the useraccout by the user."""
# Check authentification
# The view is only available for authenticated users and callable
# if the user is not the admin unser (id=1)
id = request.matchdict.get('id')
if not request.user or id == '1':
raise HTTPUnauthorized
clazz = User
_ = request.translate
# Load the item return 400 if the item can not be found.
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'removeaccount'),
item,
request.db,
translate=_,
renderers={},
change_page_callback={
'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id
},
request=request,
csrf_token=request.session.get_csrf_token(),
dependencies=create_dependencies(request))
if request.POST:
mapping = {'item': item}
if form.validate(request.params):
# Delete the account and redirect the user to a result page
request.db.delete(item)
headers = forget(request)
target_url = request.route_path('users-accountremoved')
return HTTPFound(location=target_url, headers=headers)
else:
msg = _('Deleting the account of '
'"${item}" failed.',
mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue = {}
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def get_item_form(name, request, renderers=None, validators=None, values=None):
"""Will return a form for the given item
:name: Name of the form
:request: Current request
:renderers: Dictionary of external renderers which should be used
for renderering some form elements.
:validators: List of external formbar validators which should be
added to the form for validation
:values: Dictionary with external values to prefill the form or add
addional values for rule evaluation.
:returns: Form
"""
if renderers is None:
renderers = {}
if validators is None:
validators = []
if values is None:
values = {}
item = get_item_from_request(request)
renderers = add_renderers(renderers)
clazz = request.context.__model__
name = request.session.get("%s.form" % clazz) or name
# handle blobforms
if isinstance(item, Blobform):
# TODO: Why not use the get_form_config method here. This can
# handle Blobforms and usual form configs. () <2014-08-26 22:21>
item, formconfig = get_blobform_config(request, item, name)
else:
formconfig = get_form_config(item, name)
form = Form(formconfig,
item,
request.db,
translate=request.translate,
renderers=renderers,
change_page_callback={
'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': item.id
},
request=request,
csrf_token=request.session.get_csrf_token(),
eval_url=get_eval_url(),
url_prefix=get_app_url(request),
locale=locale_negotiator(request),
values=values,
timezone=get_timezone(request),
dependencies=create_dependencies(request))
# Add validators
for validator in validators:
form.add_validator(validator)
return form
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "import")
self.template = template_lookup.get_template("internal/import.mako")
config = Config(load(get_path_to_form_config('import.xml', 'ringo')))
form_config = config.get_form('default')
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
eval_url=get_eval_url(),
url_prefix=get_app_url(request))
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "evaluate")
self.template = template_lookup.get_template("internal/evaluation.mako")
config = Config(load(get_path_to_form_config('evaluations.xml', 'ringo_evaluation', location=".")))
form_config = config.get_form('dialog')
url_prefix = request.application_url
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
translate=request.translate,
eval_url=get_eval_url(),
url_prefix=url_prefix)
def removeaccount(request):
"""Method to remove the useraccout by the user."""
# Check authentification
# The view is only available for authenticated users and callable
# if the user is not the admin unser (id=1)
id = request.matchdict.get('id')
if not request.user or id == '1':
raise HTTPUnauthorized
clazz = User
_ = request.translate
handle_history(request)
handle_params(request)
# Load the item return 400 if the item can not be found.
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'removeaccount'),
item, request.db, translate=_,
renderers={},
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id},
request=request, csrf_token=request.session.get_csrf_token())
if request.POST:
mapping = {'item': item}
if form.validate(request.params):
# Delete the account and redirect the user to a result page
request.db.delete(item)
headers = forget(request)
target_url = request.route_path('users-accountremoved')
return HTTPFound(location=target_url, headers=headers)
else:
msg = _('Deleting the account of '
'"${item}" failed.', mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue = {}
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def login(request):
_ = request.translate
settings = request.registry.settings
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('loginform')
form = Form(form_config,
csrf_token=request.session.get_csrf_token(),
translate=_)
if request.POST:
form.validate(request.params)
username = form.data.get('login')
password = form.data.get('pass')
user = user_login(username, password)
if user is None:
msg = _("Login failed!")
request.session.flash(msg, 'error')
elif not user.activated:
msg = _("Login failed!")
request.session.flash(msg, 'error')
target_url = request.route_path('accountdisabled')
return HTTPFound(location=target_url)
else:
# Handle authentication callback.
if is_authcallback_enabled(settings):
authenticated = False
try:
callback = dynamic_import(settings.get("auth.callback"))
callback(request, user)
authenticated = True
except AuthentificationException as e:
msg = e.message
request.session.flash(msg, 'critical')
else:
authenticated = True
if authenticated:
# Delete old session data and begin with new fresh session.
request.session.invalidate()
msg = _("Login was successfull")
request.session.flash(msg, 'success')
headers = remember(request, user.id)
target_url = request.route_path('home')
return HTTPFound(location=target_url, headers=headers)
return {
'form': form.render(),
'registration_enabled': is_registration_enabled(settings),
'pwreminder_enabled': is_pwreminder_enabled(settings)
}
def test_create_save(self):
form_config = self.config.get_form('userform2')
item = User()
# Important! Provide the dbsession if you want to create a new
# item
form = Form(form_config, item, self.session)
values = {"name": "paulpaulpaul", "fullname": "Paul Wright",
"password": "******"}
if form.validate(values):
saved_item = form.save()
self.assertEqual(saved_item, item)
result = self.session.query(User).all()
self.assertEqual(len(result), 1)
self.assertEqual(result[0].name, "paulpaulpaul")
def get_item_form(name, request, renderers=None, validators=None, values=None):
"""Will return a form for the given item
:name: Name of the form
:request: Current request
:renderers: Dictionary of external renderers which should be used
for renderering some form elements.
:validators: List of external formbar validators which should be
added to the form for validation
:values: Dictionary with external values to prefill the form or add
addional values for rule evaluation.
:returns: Form
"""
if renderers is None:
renderers = {}
if validators is None:
validators = []
if values is None:
values = {}
item = get_item_from_request(request)
renderers = add_renderers(renderers)
clazz = request.context.__model__
name = request.session.get("%s.form" % clazz) or name
## handle blobforms
if isinstance(item, Blobform):
# TODO: Why not use the get_form_config method here. This can
# handle Blobforms and usual form configs. () <2014-08-26 22:21>
item, formconfig = get_blobform_config(request, item, name)
else:
formconfig = get_form_config(item, name)
form = Form(formconfig, item, request.db,
translate=request.translate,
renderers=renderers,
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': item.id},
request=request,
csrf_token=request.session.get_csrf_token(),
eval_url=get_eval_url(),
url_prefix=get_app_url(request),
locale=locale_negotiator(request),
values=values)
# Add validators
for validator in validators:
form.add_validator(validator)
return form
def test_edit_save(self):
form_config = self.config.get_form('userform2')
item = self._insert_item()
item = self._insert_item()
result = self.session.query(User).all()
form = Form(form_config, item)
result = self.session.query(User).all()
values = {"name": "paulpaulpaul", "fullname": "Paul Wright",
"password": "******"}
if form.validate(values):
form.save()
result = self.session.query(User).all()
self.assertEqual(len(result), 2)
self.assertEqual(result[0].name, "ed")
self.assertEqual(result[1].name, "paulpaulpaul")
class ImportDialogRenderer(DialogRenderer):
"""Docstring for ImportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "import")
self.template = template_lookup.get_template("internal/import.mako")
config = Config(load(get_path_to_form_config('import.xml', 'ringo')))
form_config = config.get_form('default')
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
eval_url=get_eval_url(),
url_prefix=get_app_url(request))
def render(self, items):
values = {}
values['request'] = self._request
values['body'] = self._render_body()
values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.referrer
values['overview_url'] = self._request.route_path(get_action_routename(self._item, 'list'))
values['eval_url'] = self._request.application_url+get_eval_url()
values['items'] = items
values['h'] = ringo.lib.helpers
return literal(self.template.render(**values))
def _render_body(self):
# The output of the form render function of formbar is
# considered safe here as formbar already handles the escapeing.
# So we put it into the literal function to mark it save.
return literal(self.form.render(buttons=False))
class ImportDialogRenderer(DialogRenderer):
"""Docstring for ImportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "import")
self.template = template_lookup.get_template("internal/import.mako")
config = Config(load(get_path_to_form_config('import.xml', 'ringo')))
form_config = config.get_form('default')
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
eval_url=get_eval_url(),
url_prefix=get_app_url(request))
def render(self, items):
values = {}
values['request'] = self._request
values['body'] = self._render_body()
values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.referrer
values['overview_url'] = self._request.route_path(get_action_routename(self._item, 'list'))
values['eval_url'] = self._request.application_url+get_eval_url()
values['items'] = items
values['h'] = ringo.lib.helpers
return literal(self.template.render(**values))
def _render_body(self):
# The output of the form render function of formbar is
# considered safe here as formbar already handles the escapeing.
# So we put it into the literal function to mark it save.
return literal(self.form.render(buttons=False))
def login(request):
handle_history(request)
_ = request.translate
settings = request.registry.settings
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('loginform')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
if request.POST:
form.validate(request.params)
username = form.data.get('login')
password = form.data.get('pass')
user = user_login(username, password)
if user is None:
msg = _("Login failed!")
request.session.flash(msg, 'error')
elif not user.activated:
msg = _("Login failed!")
request.session.flash(msg, 'error')
target_url = request.route_path('accountdisabled')
return HTTPFound(location=target_url)
else:
# Handle authentication callback.
if is_authcallback_enabled(settings):
authenticated = False
try:
callback = dynamic_import(settings.get("auth.callback"))
callback(request, user)
authenticated = True
except AuthentificationException as e:
msg = e.message
request.session.flash(msg, 'critical')
else:
authenticated = True
if authenticated:
msg = _("Login was successfull")
request.session.flash(msg, 'success')
headers = remember(request, user.id)
target_url = request.route_path('home')
return HTTPFound(location=target_url, headers=headers)
return {'form': form.render(),
'registration_enabled': is_registration_enabled(settings),
'pwreminder_enabled': is_pwreminder_enabled(settings)}
def test_create_save(self):
form_config = self.config.get_form('userform2')
item = User()
# Important! Provide the dbsession if you want to create a new
# item
form = Form(form_config, item, self.session)
values = {
"name": "paulpaulpaul",
"fullname": "Paul Wright",
"password": "******"
}
if form.validate(values):
saved_item = form.save()
self.assertEqual(saved_item, item)
result = self.session.query(User).all()
self.assertEqual(len(result), 1)
self.assertEqual(result[0].name, "paulpaulpaul")
def render(request):
"""Will return a JSONResponse with a rendererd form. The form
defintion and the formid is provided in the POST request."""
_ = request.translate
form_config = request.POST.get("definition")
config_name = request.POST.get("formid")
out = []
try:
config = Config(parse(form_config))
form_config = config.get_form(config_name)
form = Form(form_config, None, request.db,
csrf_token=request.session.get_csrf_token())
out.append(form.render(buttons=False, outline=False))
except Exception as ex:
out.append(_('ERROR: %s' % str(ex)))
data = {"form": "".join(out)}
return JSONResponse(True, data, {"msg": "Ole!"})
def forgot_password(request):
settings = request.registry.settings
if not is_pwreminder_enabled(settings):
raise exc.exception_response(503)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('forgot_password')
form = Form(form_config,
csrf_token=request.session.get_csrf_token(),
translate=_)
complete = False
msg = None
if request.POST:
if form.validate(request.params):
username = form.data.get('login')
user = request_password_reset(username, request.db)
if user and user.profile[0].email:
recipient = user.profile[0].email
mailer = Mailer(request)
token = user.reset_tokens[-1]
subject = _('Password reset request')
values = {
'url': request.route_url('reset_password', token=token),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'username': username,
'_': _
}
mail = Mail([recipient],
subject,
template="password_reset_request",
values=values)
mailer.send(mail)
log.info(u"Passwort reset token sent to "
u"user {} with email {}".format(username, recipient))
else:
log.info(u"Failed sending Passwort reset token for {}. "
u"User not found or missing email".format(username))
# Return a message to the user which does not allow to get
# information about the existence of a user.
msg = _("If the user has been found together with configured "
"e-mail, a confirmation mail for resetting the password "
"has been sent. Please check your e-mail box.")
request.session.flash(msg, 'success')
complete = True
return {'form': form.render(), 'complete': complete, 'msg': msg}
def test_edit_save(self):
form_config = self.config.get_form('userform2')
item = self._insert_item()
item = self._insert_item()
result = self.session.query(User).all()
form = Form(form_config, item)
result = self.session.query(User).all()
values = {
"name": "paulpaulpaul",
"fullname": "Paul Wright",
"password": "******"
}
if form.validate(values):
form.save()
result = self.session.query(User).all()
self.assertEqual(len(result), 2)
self.assertEqual(result[0].name, "ed")
self.assertEqual(result[1].name, "paulpaulpaul")
def render(request):
"""Will return a JSONResponse with a rendererd form. The form
defintion and the formid is provided in the POST request."""
_ = request.translate
form_config = request.POST.get("definition")
config_name = request.POST.get("formid")
out = []
try:
config = Config(parse(form_config))
form_config = config.get_form(config_name)
form = Form(form_config,
None,
request.db,
csrf_token=request.session.get_csrf_token())
out.append(form.render(buttons=False, outline=False))
except Exception as ex:
out.append(_('ERROR: %s' % str(ex)))
data = {"form": "".join(out)}
return JSONResponse(True, data, {"msg": "Ole!"})
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "import")
self.template = template_lookup.get_template("internal/import.mako")
config = Config(load(get_path_to_form_config('import.xml', 'ringo')))
form_config = config.get_form('default')
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
eval_url=get_eval_url(),
url_prefix=get_app_url(request))
class PrintDialogRenderer(DialogRenderer):
"""Docstring for ImportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "print")
self.template = template_lookup.get_template("internal/print.mako")
config = Config(
load(
get_path_to_form_config('print.xml', 'ringo_printtemplate',
'.')))
form_config = config.get_form('default')
# Load available_printtemplates and put them into the form as
# external data. This than later used to render the available
# printtemplates.
mid = clazz._modul_id
values = {}
values['printtemplates'] = [(p, p.id)
for p in self._item.printtemplates]
self.form = Form(form_config,
item=clazz,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
translate=request.translate,
url_prefix=get_app_url(request),
eval_url=get_eval_url(),
values=values)
def render(self):
modul = get_item_modul(self._request, self._item)
template_modul = get_item_modul(self._request, Printtemplate)
values = {}
values['request'] = self._request
values['body'] = self._render_body()
values['modul'] = modul.get_label(plural=True)
values['header'] = template_modul.get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_text'] = template_modul.get_label(plural=False)
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.ringo.history.last(
) or self._request.url.replace("print", "read")
values['eval_url'] = self.form._eval_url
values['h'] = ringo.lib.helpers
return literal(self.template.render(**values))
def _render_body(self):
out = []
out.append(self.form.render(buttons=False))
return literal("").join(out)
def example(request):
config = Config(load(os.path.join(example_dir, 'example.xml')))
form_config = config.get_form('example')
form = Form(form_config, eval_url="/evaluate", request=request)
if request.POST:
form.validate(request.POST)
else:
form.validate({})
template = template_lookup.get_template("index.mako")
values = {'form': form.render()}
return Response(template.render(**values))
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "print")
self.template = template_lookup.get_template("internal/print.mako")
config = Config(
load(
get_path_to_form_config('print.xml', 'ringo_printtemplate',
'.')))
form_config = config.get_form('default')
# Load available_printtemplates and put them into the form as
# external data. This than later used to render the available
# printtemplates.
mid = clazz._modul_id
values = {}
values['printtemplates'] = [(p, p.id)
for p in self._item.printtemplates]
self.form = Form(form_config,
item=clazz,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
translate=request.translate,
url_prefix=get_app_url(request),
eval_url=get_eval_url(),
values=values)
def trainable_index_view(request):
values = index_view(request)
if request.user:
client = Client()
client_id = request.user.profile[0].strava_client_id
redirect_uri = request.route_url("authstrava")
url = client.authorization_url(client_id=client_id,
redirect_uri=redirect_uri,
scope="view_private")
_ = request.translate
config = Config(load(get_path_to_form_config('strava.xml')))
form_config = config.get_form('syncform')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_, locale="de", eval_url=get_eval_url())
if request.POST and form.validate(request.params):
sync(request, form.data.get("sport"),
form.data.get("start"), form.data.get("end"),
form.data.get("commute"))
values["fitness"] = get_fitness(0, 0, get_activities_for_user(request))
values["strava_auth_url"] = url
values["strava_syncform"] = form.render()
return values
class TestInheritedForm(unittest.TestCase):
def setUp(self):
tree = load(os.path.join(test_dir, 'inherited.xml'))
config = Config(tree)
form_config = config.get_form('customform')
self.form = Form(form_config)
def test_form_init(self):
pass
def test_string_field(self):
field = self.form.get_field("string")
self.assertEqual(field.label, "Inherited String field")
def test_form_fields(self):
self.assertEqual(len(self.form.fields.values()), 10)
class TestInheritedForm(unittest.TestCase):
def setUp(self):
tree = load(os.path.join(test_dir, 'inherited.xml'))
config = Config(tree)
form_config = config.get_form('customform')
self.form = Form(form_config)
def test_form_init(self):
pass
def test_string_field(self):
field = self.form.get_field("string")
self.assertEqual(field.label, "Inherited String field")
def test_form_fields(self):
self.assertEqual(len(self.form.fields.values()), 10)
class EvaluationDialogRenderer(DialogRenderer):
"""Docstring for ExportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "evaluate")
self.template = template_lookup.get_template("internal/evaluation.mako")
config = Config(load(get_path_to_form_config('evaluations.xml', 'ringo_evaluation', location=".")))
form_config = config.get_form('dialog')
url_prefix = request.application_url
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
translate=request.translate,
eval_url=get_eval_url(),
url_prefix=url_prefix)
def render(self, items):
values = {}
values['request'] = self._request
values['items'] = items
values['body'] = self._render_body()
values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.referrer
values['evalurl'] = self._request.application_url+get_eval_url()
return literal(self.template.render(**values))
def _render_body(self):
out = []
# Collect all available evaluations and provide the evaluations
# for this modul to the form while rendering.
evaluations = []
#converter = get_converter()
modul = get_item_modul(self._request, self._item)
for evaluation in modul.evaluations:
evaluations.append((evaluation, evaluation.id))
values = {"evaluations": evaluations}
values["_converter"] = False # converter.is_available()
out.append(self.form.render(buttons=False, values=values))
return "".join(out)
def get_ownership_form(item,
db,
csrf_token,
eval_url,
readonly=None,
url_prefix=None,
locale=None,
translate=None):
if readonly:
config = get_form_config_from_file('ringo', 'ownership.xml',
'ownership-form-read')
else:
config = get_form_config_from_file('ringo', 'ownership.xml',
'ownership-form-update')
return Form(config,
item,
db,
csrf_token=csrf_token,
eval_url=eval_url,
url_prefix=url_prefix,
locale=locale,
translate=translate)
def get_form_config_from_db(fid, formname):
"""Return the blobform configuration for a given form."""
from ringo.model.form import Form
factory = Form.get_item_factory()
form = factory.load(fid)
return Config(parse(form.definition.encode('utf-8'))).get_form(formname)
def register_user(request):
settings = request.registry.settings
if not is_registration_enabled(settings):
raise exc.exception_response(503)
handle_history(request)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('register_user')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
# Do extra validation which is not handled by formbar.
# Is the login unique?
login_unique_validator = Validator('login',
_('There is already a user with this '
'name'),
is_login_unique)
pw_len_validator = Validator('pass',
_('Password must be at least 12 characters '
'long.'),
password_minlength_validator)
pw_nonchar_validator = Validator('pass',
_('Password must contain at least 2 '
'non-letters.'),
password_nonletter_validator)
form.add_validator(login_unique_validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
registration_complete = False
if request.POST:
if form.validate(request.params):
# 1. Create user. Do not activate him. Default role is user.
ufac = User.get_item_factory()
user = ufac.create(None, form.data)
# Set login from formdata
user.login = form.data['login']
# Encrypt password and save
user.password = encrypt_password(form.data['pass'])
# Deactivate the user. To activate the user needs to confirm
# with the activation link
user.activated = False
atoken = str(uuid.uuid4())
user.activation_token = atoken
# Set profile data
user.profile[0].email = form.data['_email']
# 2. Set user group
gfac = Usergroup.get_item_factory()
default_grps = settings.get("auth.register_user_default_groups",
str(USER_GROUP_ID))
for gid in [int(id) for id in default_grps.split(",")]:
group = gfac.load(gid)
user.groups.append(group)
# 3. Set user role
rfac = Role.get_item_factory()
default_roles = settings.get("auth.register_user_default_roles",
str(USER_ROLE_ID))
for rid in [int(id) for id in default_roles.split(",")]:
role = rfac.load(rid)
user.roles.append(role)
# Set default user group.
request.db.add(user)
# 4. Send confirmation email. The user will be activated
# after the user clicks on the confirmation link
mailer = Mailer(request)
recipient = user.profile[0].email
subject = _('Confirm user registration')
values = {'url': request.route_url('confirm_user', token=atoken),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'_': _}
mail = Mail([recipient],
subject,
template="register_user",
values=values)
mailer.send(mail)
msg = _("User has been created and a confirmation mail was sent"
" to the users email adress. Please check your email.")
request.session.flash(msg, 'success')
registration_complete = True
return {'form': form.render(), 'complete': registration_complete}
def setUp(self):
tree = load(os.path.join(test_dir, 'form.xml'))
config = Config(tree)
form_config = config.get_form('customform')
self.form = Form(form_config)
class TestFormValidation(unittest.TestCase):
def setUp(self):
tree = load(os.path.join(test_dir, 'form.xml'))
config = Config(tree)
form_config = config.get_form('customform')
self.form = Form(form_config)
def test_form_init(self):
pass
def test_form_unknown_field(self):
values = {'unknown': 'test', 'integer': '15', 'date': '1998-02-01'}
self.form.validate(values)
# Check that the unknown field has been filtered out as it was
# not part of the form.
self.assertEqual(self.form.data.has_key('unknown'), False)
def test_form_validate_fail(self):
values = {'default': 'test', 'integer': '15', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), False)
def test_form_validate_fail_checkvalues(self):
values = {'default': 'test', 'integer': '15', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), False)
self.assertEqual(self.form.submitted_data['integer'], '15')
self.assertEqual(self.form.submitted_data['date'], '1998-02-01')
def test_form_validate_ok(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
validator = Validator('integer', 'Error message', external_validator)
self.form.add_validator(validator)
self.assertEqual(self.form.validate(values), True)
def test_form_validate_ext_validator_fail(self):
values = {'default': 'test', 'integer': '15', 'date': '1998-02-01'}
validator = Validator('integer', 'Error message', external_validator)
self.form.add_validator(validator)
self.assertEqual(self.form.validate(values), False)
def test_form_validate_ext_validator_ok(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), True)
def test_form_deserialize_int(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.form.validate(values)
self.assertEqual(self.form.data['integer'], 16)
def test_form_deserialize_float(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '87.5'
}
self.assertEqual(self.form.validate(values), True)
self.assertEqual(self.form.data['float'], 87.5)
def test_form_deserialize_date(self):
values = {
'default': 'test',
'integer': '16',
'float': '87.5',
'date': '1998-02-01'
}
self.form.validate(values)
self.assertEqual(self.form.data['date'], datetime.date(1998, 2, 1))
def test_form_deserialize_string(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '99'
}
self.form.validate(values)
self.assertEqual(self.form.data['default'], 'test')
def test_form_deserialize_time(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '99',
'time': '00:12:11'
}
self.form.validate(values)
self.assertEqual(self.form.data['time'], 731)
def test_form_deserialize_interval(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '99',
'interval': '00:12:11'
}
self.form.validate(values)
self.assertEqual(self.form.data['interval'],
datetime.timedelta(0, 731))
def test_form_convert_interval_ok(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '99',
'interval': '01:12'
}
self.form.validate(values)
self.assertEqual(self.form.data['interval'],
datetime.timedelta(hours=1, minutes=12))
def test_form_convert_interval_false(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '99',
'interval': '00:12:11'
}
self.form.validate(values)
self.assertEqual(self.form.data['interval'] == datetime.timedelta(1),
False)
def test_form_convert_interval_mm_ok(self):
values = {
'default': 'test',
'integer': '16',
'date': '1998-02-01',
'float': '99',
'interval': '12'
}
self.form.validate(values)
self.assertEqual(self.form.data['interval'],
datetime.timedelta(minutes=12))
def test_form_save(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), True)
def test_form_warnings(self):
values = {
'select': '2',
'default': 'test',
'integer': '16',
'date': '1998-02-01'
}
self.form.validate(values)
warnings = self.form.get_warnings()
self.assertEqual(len(warnings), 2)
def test_form_save_without_validation(self):
self.assertRaises(StateError, self.form.save)
def test_form_fields(self):
self.assertEqual(len(self.form.fields.values()), 9)
def test_form_field_select_options(self):
selfield = self.form.get_field('select')
self.assertEqual(len(selfield.get_options()), 4)
def test_generated_rules(self):
num_rules = 0
fields = self.form.fields
for field in fields:
num_rules += len(self.form.get_field(field).get_rules())
self.assertEqual(num_rules, 5)
def test_generated_warning_rules(self):
num_rules = 0
fields = self.form.fields
for fieldname in fields:
field = self.form.get_field(fieldname)
rules = [r for r in field.get_rules() if r.triggers == "warning"]
num_rules += len(rules)
self.assertEqual(num_rules, 2)
def test_generated_error_rules(self):
num_rules = 0
fields = self.form.fields
for fieldname in fields:
field = self.form.get_field(fieldname)
rules = [r for r in field.get_rules() if r.triggers == "error"]
num_rules += len(rules)
self.assertEqual(num_rules, 3)
def get_form_config_from_db(fid, formname):
"""Return the blobform configuration for a given form."""
from ringo.model.form import Form
factory = Form.get_item_factory()
form = factory.load(fid)
return Config(parse(form.definition.encode('utf-8'))).get_form(formname)
def test_create(self):
form_config = self.config.get_form('userform2')
item = User()
form = Form(form_config, item)
self.assertEqual(len(form.fields), 3)
class TestFormValidation(unittest.TestCase):
def setUp(self):
tree = load(os.path.join(test_dir, 'form.xml'))
config = Config(tree)
form_config = config.get_form('customform')
self.form = Form(form_config)
def test_form_init(self):
pass
def test_form_unknown_field(self):
values = {'unknown': 'test', 'integer': '15', 'date': '1998-02-01'}
self.form.validate(values)
# Check that the unknown field has been filtered out as it was
# not part of the form.
self.assertEqual(self.form.data.has_key('unknown'), False)
def test_form_validate_fail(self):
values = {'default': 'test', 'integer': '15', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), False)
def test_form_validate_fail_checkvalues(self):
values = {'default': 'test', 'integer': '15', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), False)
self.assertEqual(self.form.submitted_data['integer'], '15')
self.assertEqual(self.form.submitted_data['date'], '1998-02-01')
def test_form_validate_ok(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
validator = Validator('integer',
'Error message',
external_validator)
self.form.add_validator(validator)
self.assertEqual(self.form.validate(values), True)
def test_form_validate_ext_validator_fail(self):
values = {'default': 'test', 'integer': '15', 'date': '1998-02-01'}
validator = Validator('integer',
'Error message',
external_validator)
self.form.add_validator(validator)
self.assertEqual(self.form.validate(values), False)
def test_form_validate_ext_validator_ok(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), True)
def test_form_deserialize_int(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.form.validate(values)
self.assertEqual(self.form.data['integer'], 16)
def test_form_deserialize_float(self):
values = {'default': 'test', 'integer': '16',
'date': '1998-02-01', 'float': '87.5'}
self.assertEqual(self.form.validate(values), True)
self.assertEqual(self.form.data['float'], 87.5)
def test_form_deserialize_date(self):
values = {'default': 'test', 'integer': '16',
'float': '87.5', 'date': '1998-02-01'}
self.form.validate(values)
self.assertEqual(self.form.data['date'], datetime.date(1998, 2, 1))
def test_form_deserialize_string(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01', 'float': '99'}
self.form.validate(values)
self.assertEqual(self.form.data['default'], 'test')
def test_form_deserialize_time(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01', 'float': '99', 'time': '00:12:11'}
self.form.validate(values)
self.assertEqual(self.form.data['time'], 731)
def test_form_deserialize_interval(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01', 'float': '99', 'interval': '00:12:11'}
self.form.validate(values)
self.assertEqual(self.form.data['interval'], datetime.timedelta(0, 731))
def test_form_convert_interval_ok(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01', 'float': '99', 'interval': '01:12'}
self.form.validate(values)
self.assertEqual(self.form.data['interval'], datetime.timedelta(hours=1, minutes=12))
def test_form_convert_interval_false(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01', 'float': '99', 'interval': '00:12:11'}
self.form.validate(values)
self.assertEqual(self.form.data['interval'] == datetime.timedelta(1), False)
def test_form_convert_interval_mm_ok(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01', 'float': '99', 'interval': '12'}
self.form.validate(values)
self.assertEqual(self.form.data['interval'], datetime.timedelta(minutes=12))
def test_form_save(self):
values = {'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.assertEqual(self.form.validate(values), True)
def test_form_warnings(self):
values = {'select': '2', 'default': 'test', 'integer': '16', 'date': '1998-02-01'}
self.form.validate(values)
warnings = self.form.get_warnings()
self.assertEqual(len(warnings), 2)
def test_form_save_without_validation(self):
self.assertRaises(StateError, self.form.save)
def test_form_fields(self):
self.assertEqual(len(self.form.fields.values()), 9)
def test_form_field_select_options(self):
selfield = self.form.get_field('select')
self.assertEqual(len(selfield.get_options()), 4)
def test_generated_rules(self):
num_rules = 0
fields = self.form.fields
for field in fields:
num_rules += len(self.form.get_field(field).get_rules())
self.assertEqual(num_rules, 5)
def test_generated_warning_rules(self):
num_rules = 0
fields = self.form.fields
for fieldname in fields:
field = self.form.get_field(fieldname)
rules = [r for r in field.get_rules() if r.triggers=="warning"]
num_rules += len(rules)
self.assertEqual(num_rules, 2)
def test_generated_error_rules(self):
num_rules = 0
fields = self.form.fields
for fieldname in fields:
field = self.form.get_field(fieldname)
rules = [r for r in field.get_rules() if r.triggers=="error"]
num_rules += len(rules)
self.assertEqual(num_rules, 3)
def setUp(self):
tree = load(os.path.join(test_dir, 'form.xml'))
config = Config(tree)
form_config = config.get_form('customform')
self.form = Form(form_config)
def register_user(request):
settings = request.registry.settings
if not is_registration_enabled(settings):
raise exc.exception_response(503)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('register_user')
form = Form(form_config,
csrf_token=request.session.get_csrf_token(),
translate=_)
# Do extra validation which is not handled by formbar.
# Is the login unique?
login_unique_validator = Validator(
'login', _('There is already a user with this '
'name'), is_login_unique)
pw_len_validator = Validator(
'pass', _('Password must be at least 12 characters '
'long.'), password_minlength_validator)
pw_nonchar_validator = Validator(
'pass', _('Password must contain at least 2 '
'non-letters.'), password_nonletter_validator)
form.add_validator(login_unique_validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
registration_complete = False
if request.POST:
if form.validate(request.params):
# 1. Create user. Do not activate him. Default role is user.
ufac = User.get_item_factory()
user = ufac.create(None, form.data)
# Set login from formdata
user.login = form.data['login']
# Encrypt password and save
user.password = encrypt_password(form.data['pass'])
# Deactivate the user. To activate the user needs to confirm
# with the activation link
user.activated = False
atoken = str(uuid.uuid4())
user.activation_token = atoken
# Set profile data
user.profile[0].email = form.data['_email']
# 2. Set user group
gfac = Usergroup.get_item_factory()
default_grps = settings.get("auth.register_user_default_groups",
str(USER_GROUP_ID))
for gid in [int(id) for id in default_grps.split(",")]:
group = gfac.load(gid)
user.groups.append(group)
# 3. Set user role
rfac = Role.get_item_factory()
default_roles = settings.get("auth.register_user_default_roles",
str(USER_ROLE_ID))
for rid in [int(id) for id in default_roles.split(",")]:
role = rfac.load(rid)
user.roles.append(role)
# Set default user group.
request.db.add(user)
# 4. Send confirmation email. The user will be activated
# after the user clicks on the confirmation link
mailer = Mailer(request)
recipient = user.profile[0].email
subject = _('Confirm user registration')
values = {
'url': request.route_url('confirm_user', token=atoken),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'login': user.login,
'_': _
}
mail = Mail([recipient],
subject,
template="register_user",
values=values)
mailer.send(mail)
msg = _("User has been created and a confirmation mail was sent"
" to the users email adress. Please check your email.")
request.session.flash(msg, 'success')
registration_complete = True
return {'form': form.render(), 'complete': registration_complete}
def changepassword(request):
"""Method to change the users password by the user. The user user
musst provide his old and the new pasword. Users are only allowed to
change their own password."""
# Check authentification
# As this view has now security configured it is
# generally callable by all users. For this reason we first check if
# the user is authenticated. If the user is not authenticated the
# raise an 401 (unauthorized) exception.
if not request.user:
raise HTTPUnauthorized
clazz = User
handle_history(request)
handle_params(request)
_ = request.translate
rvalue = {}
# Load the item return 400 if the item can not be found.
id = request.matchdict.get('id')
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
# User are only allowed to set their own password.
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'changepassword'),
item, request.db, translate=_,
renderers={},
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id},
request=request, csrf_token=request.session.get_csrf_token())
if request.POST:
mapping = {'item': item}
# Do extra validation which is not handled by formbar.
# Is the provided old password correct?
validator = Validator('oldpassword',
_('The given password is not correct'),
check_password)
pw_len_validator = Validator('password',
_('Password must be at least 12 '
'characters long.'),
password_minlength_validator)
pw_nonchar_validator = Validator('password',
_('Password must contain at least 2 '
'non-letters.'),
password_nonletter_validator)
form.add_validator(validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
if form.validate(request.params):
form.save()
# Actually save the password. This is not done in the form
# as the password needs to be encrypted.
encrypt_password_callback(request, item)
msg = _('Changed password for "${item}" successfull.',
mapping=mapping)
log.info(msg)
request.session.flash(msg, 'success')
route_name = get_action_routename(item, 'changepassword')
url = request.route_path(route_name, id=item.id)
# Invalidate cache
invalidate_cache()
return HTTPFound(location=url)
else:
msg = _('Error on changing the password for '
'"${item}".', mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def register_user(request):
settings = request.registry.settings
if not is_registration_enabled(settings):
raise exc.exception_response(503)
handle_history(request)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml', 'ringo')))
form_config = config.get_form('register_user')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
# Do extra validation which is not handled by formbar.
# Is the login unique?
validator = Validator('login',
'There is already a user with this name',
is_login_unique)
form.add_validator(validator)
if request.POST:
if form.validate(request.params):
# 1. Create user. Do not activate him. Default role is user.
ufac = User.get_item_factory()
user = ufac.create(None, form.data)
# Set login from formdata
user.login = form.data['login']
# Encrypt password and save
user.password = encrypt_password(form.data['pass'])
# Deactivate the user. To activate the user needs to confirm
# with the activation link
user.activated = False
atoken = str(uuid.uuid4())
user.activation_token = atoken
# Set profile data
user.profile[0].email = form.data['_email']
# 2. Set user group
gfac = Usergroup.get_item_factory()
group = gfac.load(USER_GROUP_ID)
user.groups.append(group)
# 3. Set user role
rfac = Role.get_item_factory()
role = rfac.load(USER_ROLE_ID)
user.roles.append(role)
# Set default user group.
request.db.add(user)
# 4. Send confirmation email. The user will be activated
# after the user clicks on the confirmation link
mailer = Mailer(request)
recipient = user.profile[0].email
subject = _('Confirm user registration')
values = {'url': request.route_url('confirm_user', token=atoken),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'_': _}
mail = Mail([recipient], subject, template="register_user", values=values)
mailer.send(mail)
target_url = request.route_path('login')
headers = forget(request)
msg = _("User has been created and a confirmation mail was sent"
" to the users email adress. Please check your email.")
request.session.flash(msg, 'success')
return HTTPFound(location=target_url, headers=headers)
return {'form': form.render()}
def changepassword(request):
"""Method to change the users password by the user. The user user
musst provide his old and the new pasword. Users are only allowed to
change their own password."""
# Check authentification
# As this view has now security configured it is
# generally callable by all users. For this reason we first check if
# the user is authenticated. If the user is not authenticated the
# raise an 401 (unauthorized) exception.
if not request.user:
raise HTTPUnauthorized
clazz = User
_ = request.translate
rvalue = {}
# Load the item return 400 if the item can not be found.
id = request.matchdict.get('id')
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
# User are only allowed to set their own password.
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'changepassword'),
item, request.db, translate=_,
renderers={},
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id},
request=request, csrf_token=request.session.get_csrf_token())
if request.POST:
mapping = {'item': item}
# Do extra validation which is not handled by formbar.
# Is the provided old password correct?
validator = Validator('oldpassword',
_('The given password is not correct'),
check_password)
pw_len_validator = Validator('password',
_('Password must be at least 12 '
'characters long.'),
password_minlength_validator)
pw_nonchar_validator = Validator('password',
_('Password must contain at least 2 '
'non-letters.'),
password_nonletter_validator)
form.add_validator(validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
if form.validate(request.params):
form.save()
# Actually save the password. This is not done in the form
# as the password needs to be encrypted.
encrypt_password_callback(request, item)
msg = _('Changed password for "${item}" successfull.',
mapping=mapping)
log.info(msg)
request.session.flash(msg, 'success')
route_name = get_action_routename(item, 'changepassword')
url = request.route_path(route_name, id=item.id)
# Invalidate cache
invalidate_cache()
return HTTPFound(location=url)
else:
msg = _('Error on changing the password for '
'"${item}".', mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def test_read(self):
form_config = self.config.get_form('userform1')
item = self._insert_item()
form = Form(form_config, item)
self.assertEqual(len(form.fields), 2)
