def make_name(dataset, label):
from openspending.lib.util import slugify
from itertools import count
name = name_orig = slugify(label)
view = View.by_name(dataset, name)
for i in count():
if view is None:
return name
name = name_orig + str(i)
view = View.by_name(dataset, name)
def update(self, dataset, name):
"""
Update dataset. Does nothing at the moment.
"""
# Get the dataset for the view
self._get_dataset(dataset)
# Get the named view
view = View.by_name(c.dataset, name)
# User must be allowed to update the named view
require.view.update(c.dataset, view)
# Possible update values
# We don't update the view's name because it might have been embedded
view.label = request.params.get('label', view.label)
try:
# Try to load the state
view.state = json.loads(request.params['state'])
except:
pass
view.description = request.params.get('description', view.description)
# Commit the changes
db.session.commit()
# Redirect to the view page for this view
redirect(h.url_for(controller='view', action='view',
dataset=c.dataset.name, name=view.name))
def index(self, dataset, format='html'):
self._get_dataset(dataset)
handle_request(request, c, c.dataset)
c.views = View.all_by_dataset(c.dataset)
if format == 'json':
return to_jsonp([v.as_dict() for v in c.views])
else:
return templating.render('view/index.html')
def create(self, dataset):
self._get_dataset(dataset)
require.view.create(c.dataset)
handle_request(request, c, c.dataset)
try:
data = CreateView().deserialize(request.params)
view = View()
view.dataset = c.dataset
view.account = c.account
view.widget = data['widget']
view.state = data['state']
view.name = make_name(c.dataset, data['label'])
view.label = data['label']
view.description = data['description']
view.public = True
db.session.add(view)
db.session.commit()
redirect(h.url_for(controller='view', action='view',
dataset=c.dataset.name, name=view.name))
except colander.Invalid as inv:
return self.new(dataset, errors=inv.asdict())
def test_delete(self):
# TODO: Create the view using a fixture
self.app.post(url(controller='view', action='create',
dataset='cra'),
params={'widget': 'treemap',
'label': 'I am a banana!',
'state': '{"foo":"banana"}'},
extra_environ={'REMOTE_USER': '******'})
response = self.app.delete(url(controller='view',
action='delete', dataset='cra',
name='i-am-a-banana'),
extra_environ={'REMOTE_USER': '******'})
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
assert view is None
assert '302' in response.status
def test_delete(self):
# TODO: Create the view using a fixture
self.app.post(url(controller='view', action='create', dataset='cra'),
params={
'widget': 'treemap',
'label': 'I am a banana!',
'state': '{"foo":"banana"}'
},
extra_environ={'REMOTE_USER': '******'})
response = self.app.delete(url(controller='view',
action='delete',
dataset='cra',
name='i-am-a-banana'),
extra_environ={'REMOTE_USER': '******'})
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
assert view is None
assert '302' in response.status
def create_view(dataset, view_config):
"""
Create view for a provided dataset from a view provided as dict
"""
# Check if it exists (if not we create it)
existing = View.by_name(dataset, view_config['name'])
if existing is None:
# Create the view
view = View()
# Set saved configurations
view.widget = view_config['widget']
view.state = view_config['state']
view.name = view_config['name']
view.label = view_config['label']
view.description = view_config['description']
view.public = view_config['public']
# Set the dataset as the current dataset
view.dataset = dataset
# Try and set the account provided but if it doesn't exist
# revert to shell account
view.account = Account.by_name(view_config['account'])
if view.account is None:
view.account = shell_account()
# Commit view to database
db.session.add(view)
db.session.commit()
def test_update(self):
"""
Test the update function of a view.
"""
# Create the view (we do it via a controller but it would be
# better to create it manually (or via a fixture)
self.app.post(url(controller='view', action='create', dataset='cra'),
params={
'widget': 'treemap',
'label': 'I am a banana!',
'state': '{"foo":"banana"}'
},
extra_environ={'REMOTE_USER': '******'})
# Check whether a non-user can update the view
response = self.app.post(url(controller='view',
action='update',
dataset='cra',
name='i-am-a-banana'),
params={
'label': 'I am an apple',
'state': '{"foo":"apple"}',
'description': 'An apple!'
},
expect_errors=True)
# The user should receive a 403 Forbidden (actually should get 401)
assert '403' in response.status, \
"A non-user was able to update a view"
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
assert view.label == 'I am a banana!', \
"View's label was changed by a non-user"
assert view.state['foo'] == 'banana', \
"View's state was changed by a non-user"
assert view.description is None, \
"View's description was changed by a non-user"
# Check whether an unauthorized user can update the view
response = self.app.post(url(controller='view',
action='update',
dataset='cra',
name='i-am-a-banana'),
params={
'label': 'I am an apple',
'state': '{"foo":"apple"}',
'description': 'An apple!'
},
expect_errors=True,
extra_environ={'REMOTE_USER': '******'})
# The user should receive a 403 (Forbidden)
assert '403' in response.status, \
"Unauthorized user was able to update a view"
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
assert view.label == 'I am a banana!', \
"View's label was changed by an unauthorized user"
assert view.state['foo'] == 'banana', \
"View's state was changed by an unauthorized user"
assert view.description is None, \
"View's description was changed by an unauthorized user"
# Check whether a managing user can update the view
response = self.app.post(url(controller='view',
action='update',
dataset='cra',
name='i-am-a-banana'),
params={
'label': 'I am an apple',
'name': 'can-i-be-an-apple',
'state': '{"foo":"apple"}',
'description': 'An apple!'
},
extra_environ={'REMOTE_USER': '******'})
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
# Name cannot have been changed because the view might have been
# embedded elsewhere (cannot be changed by params nor be re-slugified)
assert view is not None, \
"View's name was changed by update"
assert view.label == 'I am an apple', \
"View's label wasn't changed by the managing user"
assert view.state['foo'] == 'apple', \
"View's state wasn't changed by the managing user"
assert view.description == 'An apple!', \
"View's description wasn't changed by the managing user"
def create_view(dataset, view_config):
"""
Create view for a provided dataset from a view provided as dict
"""
# Check if it exists (if not we create it)
existing = View.by_name(dataset, view_config['name'])
if existing is None:
# Create the view
view = View()
# Set saved configurations
view.widget = view_config['widget']
view.state = view_config['state']
view.name = view_config['name']
view.label = view_config['label']
view.description = view_config['description']
view.public = view_config['public']
# Set the dataset as the current dataset
view.dataset = dataset
# Try and set the account provided but if it doesn't exist
# revert to shell account
view.account = Account.by_name(view_config['account'])
if view.account is None:
view.account = shell_account()
# Commit view to database
db.session.add(view)
db.session.commit()
def _get_named_view(self, dataset, name):
self._get_dataset(dataset)
c.named_view = View.by_name(c.dataset, name)
if c.named_view is None:
abort(404, _('Sorry, there is no view %r') % name)
require.view.read(c.dataset, c.named_view)
def test_update(self):
"""
Test the update function of a view.
"""
# Create the view (we do it via a controller but it would be
# better to create it manually (or via a fixture)
self.app.post(url(controller='view', action='create',
dataset='cra'),
params={'widget': 'treemap',
'label': 'I am a banana!',
'state': '{"foo":"banana"}'},
extra_environ={'REMOTE_USER': '******'})
# Check whether a non-user can update the view
response = self.app.post(url(controller='view', action='update',
dataset='cra', name='i-am-a-banana'),
params={'label': 'I am an apple',
'state': '{"foo":"apple"}',
'description': 'An apple!'},
expect_errors=True)
# The user should receive a 403 Forbidden (actually should get 401)
assert '403' in response.status, \
"A non-user was able to update a view"
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
assert view.label == 'I am a banana!', \
"View's label was changed by a non-user"
assert view.state['foo'] == 'banana', \
"View's state was changed by a non-user"
assert view.description is None, \
"View's description was changed by a non-user"
# Check whether an unauthorized user can update the view
response = self.app.post(url(controller='view', action='update',
dataset='cra', name='i-am-a-banana'),
params={'label': 'I am an apple',
'state': '{"foo":"apple"}',
'description': 'An apple!'},
expect_errors=True,
extra_environ={'REMOTE_USER': '******'})
# The user should receive a 403 (Forbidden)
assert '403' in response.status, \
"Unauthorized user was able to update a view"
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
assert view.label == 'I am a banana!', \
"View's label was changed by an unauthorized user"
assert view.state['foo'] == 'banana', \
"View's state was changed by an unauthorized user"
assert view.description is None, \
"View's description was changed by an unauthorized user"
# Check whether a managing user can update the view
response = self.app.post(url(controller='view', action='update',
dataset='cra', name='i-am-a-banana'),
params={'label': 'I am an apple',
'name': 'can-i-be-an-apple',
'state': '{"foo":"apple"}',
'description': 'An apple!'},
extra_environ={'REMOTE_USER': '******'})
dataset = Dataset.by_name('cra')
view = View.by_name(dataset, 'i-am-a-banana')
# Name cannot have been changed because the view might have been
# embedded elsewhere (cannot be changed by params nor be re-slugified)
assert view is not None, \
"View's name was changed by update"
assert view.label == 'I am an apple', \
"View's label wasn't changed by the managing user"
assert view.state['foo'] == 'apple', \
"View's state wasn't changed by the managing user"
assert view.description == 'An apple!', \
"View's description wasn't changed by the managing user"
