# -*- coding: utf-8 -*- # vim: autoindent shiftwidth=4 expandtab textwidth=80 tabstop=4 softtabstop=4 ############################################################################### # ScribeEngine - Open Source Blog Software # # --------------------------------------------------------------------------- # # Copyright (c) 2010 Raoul Snyman # # --------------------------------------------------------------------------- # # This program is free software; you can redistribute it and/or modify it # # under the terms of the GNU General Public License as published by the Free # # Software Foundation; version 2 of the License. # # # # This program is distributed in the hope that it will be useful, but WITHOUT # # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or # # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for # # more details. # # # # You should have received a copy of the GNU General Public License along # # with this program; if not, write to the Free Software Foundation, Inc., 59 # # Temple Place, Suite 330, Boston, MA 02111-1307 USA # ############################################################################### """ The base Controller API Provides the BaseController class for subclassing. """ from calendar import Calendar from datetime import datetime from decorator import decorator import logging from paste.request import construct_url from webob.exc import HTTPMovedPermanently from pylons import c, request, session, response, config from pylons.controllers import WSGIController from pylons.templating import render_mako from sqlalchemy.sql.expression import asc, desc from formencode import Schema, Invalid from scribeengine.lib import helpers as h from scribeengine.lib.validation import jsvalidate from scribeengine.model.meta import Session from scribeengine.model import Variable, User, Category, Page log = logging.getLogger(__name__) class BaseController(WSGIController): def __before__(self): #c.theme_name = Session.query(Configuration).get(u'theme').value if session.get(u'REMOTE_USER'): c.current_user = Session.query(User).get(session[u'REMOTE_USER']) c.blog_title = Session.query(Variable).get(u'blog title').value c.blog_slogan = Session.query(Variable).get(u'blog slogan').value c.categories = Session.query(Category).order_by(Category.name.asc()).all() c.pages = Session.query(Page).all() c.calendar = Calendar(6) c.today = datetime.today() if not c.thismonth: c.thismonth = datetime.now() self._add_javascript(u'jquery.js') if c.jsvalidation: self._add_javascript(u'jquery.validate.js') self._add_javascript(u'scribeengine.js') self._add_jsinit(u'init.js') def __call__(self, environ, start_response): """Invoke the Controller""" # WSGIController.__call__ dispatches to the Controller method # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] try: # If there's a jsschema function, create a template context variable # that will be used to call in the JavaScript validation. route = u'/%s/%s' % (environ[u'pylons.routes_dict'][u'controller'], environ[u'pylons.routes_dict'][u'action']) action = environ[u'pylons.routes_dict'][u'action'] post = u'%s_POST' % action jsschema = u'%s_jsschema' % action schema = u'%s_schema' % action if getattr(self, jsschema, None) is not None: c.jsvalidation = route + u'_jsschema' if environ[u'REQUEST_METHOD'].upper() == u'POST': # Set up an initial, empty, set of form values. c.form_values = {} # Do validation according to schema here, even bfore it hits the _POST validators = getattr(self, schema, None) if validators: schema = self._make_schema(validators) unvalidated_fields = {} for key in schema.fields.keys(): if key in request.POST: value = request.POST.getall(key) if len(value) == 1: unvalidated_fields[key] = value[0] elif len(value) == 0: unvalidated_fields[key] = None else: unvalidated_fields[key] = value success, results = self._validate(schema, unvalidated_fields) # Any error messages plus the form values are put into the # c variable so that it is available to the called method. c.form_errors = results[u'errors'] c.form_values = results[u'values'] if not success: # If validation failed, go back to the original method. return WSGIController.__call__(self, environ, start_response) # Run through all of the POST variables, and make sure that # we stick any remaining variables into c.form_values for key in request.POST.keys(): if key not in c.form_values: value = request.POST.getall(key) if len(value) == 1: c.form_values[key] = value[0] elif len(value) == 0: c.form_values[key] = None else: c.form_values[key] = value # So, at this stage, we've done all is necessary, but this is # a POST, so send us on to a POST method if it exists. if getattr(self, post, None): environ[u'pylons.routes_dict'][u'action'] = post return WSGIController.__call__(self, environ, start_response) finally: Session.remove() def _make_schema(self, validators_function): """ _make_schema is a method which is used to automatically convert a dictionary of FormEncode validators into a schema. """ validators = validators_function() return Schema(**validators) def _validate(self, schema, params): """ Validate the (usually POST) request parameters against a FormEncode schema. Returns either: `(True, values)` Validation passed, and the values returned are converted (ie, of the correct type and normalised - leading and/or trailing spaces removed, etc.) `(False, errors)` Validation failed, and the errors returned are a dictionary: `values` The values as given in the request `errors` The validation errors (as many as can be given) """ if callable(schema): validator = schema() else: validator = schema # Remove 'submit', so that the schema doesn't need to contain it if u'submit' in params: del params[u'submit'] try: values = validator.to_python(params) except Invalid, e: if e.error_dict: # Standard case - each item in the schema that fails is added # to error_dict with the key being the item name and the value # a FormEncode error object. error_dict = e.error_dict.copy() else: # On full-form validation failure (for example, sending additional # data), the form isn't validated, and thus there is no error_dict error_dict = {} error_dict[None] = e.unpack_errors() return False, {u'values': params, u'errors': error_dict} return True, {u'values': values, u'errors': {}} def _add_javascript(self, filename, subdir=u'global'): """ This method dynamically adds javascript files to the section of the template. """ if not getattr(c, u'scripts', None): c.scripts = [] c.scripts.append((filename, subdir)) def _add_jsinit(self, filename): """ This method dynamically includes a special javascript initialisation file to the section of the template. """ c.jsinit = filename def _add_stylesheet(self, filename, subdir=None): """ This method dynamically adds javascript files to the section of the template. """ if not getattr(c, u'styles', None): c.styles = [] if subdir is None: subdir = c.theme_name c.styles.append(filename, subdir) def authenticate(permission=None): """ A decorator used to check the access level of a member against a permission. """ def validate(func, self, *args, **kwargs): if session.get(u'REMOTE_USER'): user = Session.query(User).get(session[u'REMOTE_USER']) if user: if permission and not user.has_permission(permission): h.flash.set_message( u'You don\'t have access to that area.', u'error') h.redirect_to('/') return func(self, *args, **kwargs) else: h.flash.set_message( u'You don\'t have access to that area.', u'error') h.redirect_to('/') else: session[u'redirect_url'] = request.environ[u'PATH_INFO'] session.save() h.flash.set_message(u'You need to be logged in to do that.', u'error') h.redirect_to('/admin/login') return decorator(validate) def render(template): if request.environ['PATH_INFO'] == '/': c.page_title = u'%s | %s ' % (c.blog_title, c.blog_slogan) else: c.page_title = u'%s | %s ' % (c.page_title, c.blog_title) return render_mako(template)