def test_non_writable_input_is_dealt_with_like_invalid_input(web_fixture): """If a form submits a value for an Input that is linked to Field with access rights that prohibit writing, the input is silently ignored.""" fixture = web_fixture class ModelObject: field_name = 'Original value' @exposed def events(self, events): events.an_event = Event(label='click me') @exposed def fields(self, fields): fields.field_name = Field(default='abc', writable=Allowed(False), disallowed_message='you are not allowed to write this') model_object = ModelObject() class TestPanel(Div): def __init__(self, view): super().__init__(view) form = self.add_child(Form(view, 'some_form')) form.define_event_handler(model_object.events.an_event) form.add_child(ButtonInput(form, model_object.events.an_event)) form.add_child(TextInput(form, model_object.fields.field_name)) fixture.form = form wsgi_app = web_fixture.new_wsgi_app(child_factory=TestPanel.factory()) browser = Browser(wsgi_app) browser.open('/') csrf_token = browser.get_value('//input[@name="some_form-_reahl_csrf_token"]') browser.post(fixture.form.event_channel.get_url().path, {'event.some_form-an_event?':'', 'some_form-field_name': 'illigitimate value', 'some_form-_reahl_database_concurrency_digest':'', 'some_form-_reahl_csrf_token': csrf_token}) browser.follow_response() assert model_object.field_name == 'Original value'
def test_alternative_event_trigerring(web_fixture): """Events can also be triggered by submitting a Form via Ajax. In such cases the normal redirect-after-submit behaviour of the underlying EventChannel is not desirable. This behaviour can be switched off by submitting an extra argument along with the Form in order to request the alternative behaviour. """ fixture = web_fixture class ModelObject: def handle_event(self): self.handled_event = True @exposed def events(self, events): events.an_event = Event(label='click me', action=Action(self.handle_event)) model_object = ModelObject() class MyForm(Form): def __init__(self, view, name, other_view): super().__init__(view, name) self.define_event_handler(model_object.events.an_event, target=other_view) self.add_child(ButtonInput(self, model_object.events.an_event)) class MainUI(UserInterface): def assemble(self): self.define_page(HTML5Page).use_layout(BasicPageLayout()) home = self.define_view('/', title='Home page') other_view = self.define_view('/page2', title='Page 2') home.set_slot('main', MyForm.factory('myform', other_view)) wsgi_app = fixture.new_wsgi_app(site_root=MainUI) browser = Browser(wsgi_app) # when POSTing with _noredirect, the Action is executed, but the browser is not redirected to /page2 as usual browser.open('/') csrf_token = browser.get_value('//input[@name="myform-_reahl_csrf_token"]') browser.post( '/__myform_method', { 'event.myform-an_event?': '', '_noredirect': '', 'myform-_reahl_database_concurrency_digest': '', 'myform-_reahl_csrf_token': csrf_token }) browser.follow_response( ) # Needed to make the test break should a HTTPTemporaryRedirect response be sent assert model_object.handled_event assert browser.current_url.path != '/page2' assert browser.current_url.path == '/__myform_method' # the response is a json object reporting the success of the event and a new rendition of the form json_dict = json.loads(browser.raw_html) assert json_dict['success'] expected_html = '<div id="myform_hashes">' assert json_dict['result']['myform'].startswith(expected_html)