def filtering_table_row(self, col):
extra = getattr(col.filter, 'html_extra', {})
return _HTML.tr(
_HTML.th(self.filtering_col_label(col), class_='filter-label')
+ _HTML.td(self.filtering_col_op_select(col), class_='operator')
+ _HTML.td(
_HTML.div(self.filtering_col_inputs1(col), class_='inputs1')
+ _HTML.div(self.filtering_col_inputs2(col), class_='inputs2')
),
# Added _filter to address CSS collision with Bootstrap
# Ref: https://github.com/level12/webgrid/issues/28
class_=col.key + '_filter',
**extra
)
def form(url, method="post", **attrs):
"""Like webhelpers.html.tags.form , but automatically adding
session_csrf_secret_token for POST. The secret is thus never leaked in GET
URLs.
"""
form = insecure_form(url, method, **attrs)
if method.lower() == 'get':
return form
return form + HTML.div(hidden(session_csrf_secret_name, session_csrf_secret_token()), style="display: none;")
def begin(self):
attrs = HtmlAttributeHolder(**self.element.attributes)
attrs.add_attr('class', 'static-form')
for attr in ('enctype', 'method', 'action'):
try:
attrs.del_attr(attr)
except KeyError:
pass
self.output.inc(HTML.div(None, _closed=False, **attrs.attributes))
def button_to(name, url='', **html_attrs):
"""Generate a form containing a sole button that submits to
``url``.
Use this method instead of ``link_to`` for actions that do not have
the safe HTTP GET semantics implied by using a hypertext link.
The parameters are the same as for ``link_to``. Any
``html_attrs`` that you pass will be applied to the inner
``input`` element. In particular, pass
disabled = True/False
as part of ``html_attrs`` to control whether the button is
disabled. The generated form element is given the class
'button-to', to which you can attach CSS styles for display
purposes.
The submit button itself will be displayed as an image if you
provide both ``type`` and ``src`` as followed:
type='image', src='icon_delete.gif'
The ``src`` path should be the exact URL desired. A previous version of
this helper added magical prefixes but this is no longer the case.
Example 1::
# inside of controller for "feeds"
>> button_to("Edit", url(action='edit', id=3))
<form method="post" action="/feeds/edit/3" class="button-to">
<div><input value="Edit" type="submit" /></div>
</form>
Example 2::
>> button_to("Destroy", url(action='destroy', id=3),
.. method='DELETE')
<form method="POST" action="/feeds/destroy/3"
class="button-to">
<div>
<input type="hidden" name="_method" value="DELETE" />
<input value="Destroy" type="submit" />
</div>
</form>
Example 3::
# Button as an image.
>> button_to("Edit", url(action='edit', id=3), type='image',
.. src='icon_delete.gif')
<form method="POST" action="/feeds/edit/3" class="button-to">
<div><input alt="Edit" src="/images/icon_delete.gif"
type="image" value="Edit" /></div>
</form>
.. note::
This method generates HTML code that represents a form. Forms
are "block" content, which means that you should not try to
insert them into your HTML where only inline content is
expected. For example, you can legally insert a form inside of
a ``div`` or ``td`` element or in between ``p`` elements, but
not in the middle of a run of text, nor can you place a form
within another form.
(Bottom line: Always validate your HTML before going public.)
Changed in WebHelpers 1.2: Preserve case of "method" arg for XHTML
compatibility. E.g., "POST" or "PUT" causes *method="POST"*; "post" or
"put" causes *method="post"*.
"""
if html_attrs:
tags.convert_boolean_attrs(html_attrs, ['disabled'])
method_tag = ''
method = html_attrs.pop('method', '')
if method.upper() in ['PUT', 'DELETE']:
method_tag = HTML.input(
type='hidden', id='_method', name_='_method', value=method)
if method.upper() in ('GET', 'POST'):
form_method = method
elif method in ('put', 'delete'):
# preserve lowercasing of verb
form_method = 'post'
else:
form_method = 'POST'
url, name = url, name or url
submit_type = html_attrs.get('type')
img_source = html_attrs.get('src')
if submit_type == 'image' and img_source:
html_attrs["value"] = name
html_attrs.setdefault("alt", name)
else:
html_attrs["type"] = "submit"
html_attrs["value"] = name
return HTML.form(method=form_method, action=url, class_="button-to",
c=[HTML.div(method_tag, HTML.input(**html_attrs))])
def form(url, method="post", multipart=False, hidden_fields=None, **attrs):
"""An open tag for a form that will submit to ``url``.
You must close the form yourself by calling ``end_form()`` or outputting
</form>.
Options:
``method``
The method to use when submitting the form, usually either
"GET" or "POST". If "PUT", "DELETE", or another verb is used, a
hidden input with name _method is added to simulate the verb
over POST.
``multipart``
If set to True, the enctype is set to "multipart/form-data".
You must set it to true when uploading files, or the browser will
submit the filename rather than the file.
``hidden_fields``
Additional hidden fields to add to the beginning of the form. It may
be a dict or an iterable of key-value tuples. This is implemented by
calling the object's ``.items()`` method if it has one, or just
iterating the object. (This will successfuly get multiple values for
the same key in WebOb MultiDict objects.)
Because input tags must be placed in a block tag rather than directly
inside the form, all hidden fields will be put in a
'<div style="display:none">'. The style prevents the <div> from being
displayed or affecting the layout.
Examples:
>>> form("/submit")
literal(u'<form action="/submit" method="post">')
>>> form("/submit", method="get")
literal(u'<form action="/submit" method="get">')
>>> form("/submit", method="put")
literal(u'<form action="/submit" method="post"><div style="display:none">\\n<input name="_method" type="hidden" value="put" />\\n</div>\\n')
>>> form("/submit", "post", multipart=True)
literal(u'<form action="/submit" enctype="multipart/form-data" method="post">')
Changed in WebHelpers 1.0b2: add <div> and ``hidden_fields`` arg.
Changed in WebHelpers 1.2: don't add an "id" attribute to hidden tags
generated by this helper; they clash if there are multiple forms on the
page.
"""
fields = []
attrs["action"] = url
if multipart:
attrs["enctype"] = "multipart/form-data"
if method.lower() in ['post', 'get']:
attrs['method'] = method
else:
attrs['method'] = "post"
field = hidden("_method", method, id=None)
fields.append(field)
if hidden_fields is not None:
try:
it = hidden_fields.items()
except AttributeError:
it = hidden_fields
for name, value in it:
field = hidden(name, value, id=None)
fields.append(field)
if fields:
div = HTML.div(style="display:none", _nl=True, *fields)
else:
div = None
return HTML.form(div, _closed=False, **attrs)
def grid_otag(self):
return _HTML.div(_closed=False, **self.grid.hah)