X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=roundup%2Fcgi%2Ftemplating.py;h=3cb9780c909f94bb833018cce663673f09ec2971;hb=e26c0e6a8f9dca8e604bae291509feec1e492354;hp=6fa573e9d26483c066c576942a7a6f0788913b8b;hpb=53a711152640acdbd6f6e15edc8fc965956b4e63;p=roundup.git
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
index 6fa573e..3cb9780 100644
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -1,10 +1,34 @@
from __future__ import nested_scopes
-import sys, cgi, urllib, os, re, os.path, time, errno, mimetypes
-
-from roundup import hyperdb, date, rcsv
+"""Implements the API used in the HTML templating for the web interface.
+"""
+
+todo = """
+- Most methods should have a "default" arg to supply a value
+ when none appears in the hyperdb or request.
+- Multilink property additions: change_note and new_upload
+- Add class.find() too
+- NumberHTMLProperty should support numeric operations
+- LinkHTMLProperty should handle comparisons to strings (cf. linked name)
+- HTMLRequest.default(self, sort, group, filter, columns, **filterspec):
+ '''Set the request's view arguments to the given values when no
+ values are found in the CGI environment.
+ '''
+- have menu() methods accept filtering arguments
+"""
+
+__docformat__ = 'restructuredtext'
+
+
+import sys, cgi, urllib, os, re, os.path, time, errno, mimetypes, csv
+import calendar, textwrap
+
+from roundup import hyperdb, date, support
+from roundup import i18n
from roundup.i18n import _
+from KeywordsExpr import render_keywords_expression_editor
+
try:
import cPickle as pickle
except ImportError:
@@ -14,33 +38,54 @@ try:
except ImportError:
import StringIO
try:
- import StructuredText
+ from StructuredText.StructuredText import HTML as StructuredText
+except ImportError:
+ try: # older version
+ import StructuredText
+ except ImportError:
+ StructuredText = None
+try:
+ from docutils.core import publish_parts as ReStructuredText
except ImportError:
- StructuredText = None
+ ReStructuredText = None
# bring in the templating support
-from roundup.cgi.PageTemplates import PageTemplate
+from roundup.cgi.PageTemplates import PageTemplate, GlobalTranslationService
from roundup.cgi.PageTemplates.Expressions import getEngine
-from roundup.cgi.TAL.TALInterpreter import TALInterpreter
-from roundup.cgi import ZTUtils
+from roundup.cgi.TAL import TALInterpreter
+from roundup.cgi import TranslationService, ZTUtils
-def input_html4(**attrs):
- """Generate an 'input' (html4) element with given attributes"""
- return ''%' '.join(['%s="%s"'%item for item in attrs.items()])
+### i18n services
+# this global translation service is not thread-safe.
+# it is left here for backward compatibility
+# until all Web UI translations are done via client.translator object
+translationService = TranslationService.get_translation()
+GlobalTranslationService.setGlobalTranslationService(translationService)
-def input_xhtml(**attrs):
- """Generate an 'input' (xhtml) element with given attributes"""
- return ''%' '.join(['%s="%s"'%item for item in attrs.items()])
+### templating
class NoTemplate(Exception):
pass
-def find_template(dir, name, extension):
- ''' Find a template in the nominated dir
- '''
+class Unauthorised(Exception):
+ def __init__(self, action, klass, translator=None):
+ self.action = action
+ self.klass = klass
+ if translator:
+ self._ = translator.gettext
+ else:
+ self._ = TranslationService.get_translation().gettext
+ def __str__(self):
+ return self._('You are not allowed to %(action)s '
+ 'items of class %(class)s') % {
+ 'action': self.action, 'class': self.klass}
+
+def find_template(dir, name, view):
+ """ Find a template in the nominated dir
+ """
# find the source
- if extension:
- filename = '%s.%s'%(name, extension)
+ if view:
+ filename = '%s.%s'%(name, view)
else:
filename = name
@@ -49,18 +94,19 @@ def find_template(dir, name, extension):
if os.path.exists(src):
return (src, filename)
- # try with a .html extension (new-style)
- filename = filename + '.html'
- src = os.path.join(dir, filename)
- if os.path.exists(src):
- return (src, filename)
+ # try with a .html or .xml extension (new-style)
+ for extension in '.html', '.xml':
+ f = filename + extension
+ src = os.path.join(dir, f)
+ if os.path.exists(src):
+ return (src, f)
- # no extension == no generic template is possible
- if not extension:
+ # no view == no generic template is possible
+ if not view:
raise NoTemplate, 'Template file "%s" doesn\'t exist'%name
# try for a _generic template
- generic = '_generic.%s'%extension
+ generic = '_generic.%s'%view
src = os.path.join(dir, generic)
if os.path.exists(src):
return (src, generic)
@@ -71,9 +117,9 @@ def find_template(dir, name, extension):
if os.path.exists(src):
return (src, generic)
- raise NoTemplate, 'No template file exists for templating "%s" '\
- 'with template "%s" (neither "%s" nor "%s")'%(name, extension,
- filename, generic)
+ raise NoTemplate('No template file exists for templating "%s" '
+ 'with template "%s" (neither "%s" nor "%s")'%(name, view,
+ filename, generic))
class Templates:
templates = {}
@@ -82,18 +128,32 @@ class Templates:
self.dir = dir
def precompileTemplates(self):
- ''' Go through a directory and precompile all the templates therein
- '''
+ """ Go through a directory and precompile all the templates therein
+ """
for filename in os.listdir(self.dir):
- if os.path.isdir(filename): continue
+ # skip subdirs
+ if os.path.isdir(filename):
+ continue
+
+ # skip files without ".html" or ".xml" extension - .css, .js etc.
+ for extension in '.html', '.xml':
+ if filename.endswith(extension):
+ break
+ else:
+ continue
+
+ # remove extension
+ filename = filename[:-len(extension)]
+
+ # load the template
if '.' in filename:
- name, extension = filename.split('.')
+ name, extension = filename.split('.', 1)
self.get(name, extension)
else:
self.get(filename, None)
def get(self, name, extension=None):
- ''' Interface to get a template, possibly loading a compiled template.
+ """ Interface to get a template, possibly loading a compiled template.
"name" and "extension" indicate the template we're after, which in
most cases will be "name.extension". If "extension" is None, then
@@ -101,7 +161,7 @@ class Templates:
If the file "name.extension" doesn't exist, we look for
"_generic.extension" as a fallback.
- '''
+ """
# default the name to "home"
if name is None:
name = 'home'
@@ -120,17 +180,33 @@ class Templates:
raise
if self.templates.has_key(src) and \
- stime < self.templates[src].mtime:
+ stime <= self.templates[src].mtime:
# compiled template is up to date
return self.templates[src]
# compile the template
- self.templates[src] = pt = RoundupPageTemplate()
+ pt = RoundupPageTemplate()
# use pt_edit so we can pass the content_type guess too
content_type = mimetypes.guess_type(filename)[0] or 'text/html'
pt.pt_edit(open(src).read(), content_type)
pt.id = filename
- pt.mtime = time.time()
+ pt.mtime = stime
+ # Add it to the cache. We cannot do this until the template
+ # is fully initialized, as we could otherwise have a race
+ # condition when running with multiple threads:
+ #
+ # 1. Thread A notices the template is not in the cache,
+ # adds it, but has not yet set "mtime".
+ #
+ # 2. Thread B notices the template is in the cache, checks
+ # "mtime" (above) and crashes.
+ #
+ # Since Python dictionary access is atomic, as long as we
+ # insert "pt" only after it is fully initialized, we avoid
+ # this race condition. It's possible that two separate
+ # threads will both do the work of initializing the template,
+ # but the risk of wasted work is offset by avoiding a lock.
+ self.templates[src] = pt
return pt
def __getitem__(self, name):
@@ -142,65 +218,110 @@ class Templates:
except NoTemplate, message:
raise KeyError, message
+def context(client, template=None, classname=None, request=None):
+ """Return the rendering context dictionary
+
+ The dictionary includes following symbols:
+
+ *context*
+ this is one of three things:
+
+ 1. None - we're viewing a "home" page
+ 2. The current class of item being displayed. This is an HTMLClass
+ instance.
+ 3. The current item from the database, if we're viewing a specific
+ item, as an HTMLItem instance.
+
+ *request*
+ Includes information about the current request, including:
+
+ - the url
+ - the current index information (``filterspec``, ``filter`` args,
+ ``properties``, etc) parsed out of the form.
+ - methods for easy filterspec link generation
+ - *user*, the current user node as an HTMLItem instance
+ - *form*, the current CGI form information as a FieldStorage
+
+ *config*
+ The current tracker config.
+
+ *db*
+ The current database, used to access arbitrary database items.
+
+ *utils*
+ This is a special class that has its base in the TemplatingUtils
+ class in this file. If the tracker interfaces module defines a
+ TemplatingUtils class then it is mixed in, overriding the methods
+ in the base class.
+
+ *templates*
+ Access to all the tracker templates by name.
+ Used mainly in *use-macro* commands.
+
+ *template*
+ Current rendering template.
+
+ *true*
+ Logical True value.
+
+ *false*
+ Logical False value.
+
+ *i18n*
+ Internationalization service, providing string translation
+ methods ``gettext`` and ``ngettext``.
+
+ """
+ # construct the TemplatingUtils class
+ utils = TemplatingUtils
+ if (hasattr(client.instance, 'interfaces') and
+ hasattr(client.instance.interfaces, 'TemplatingUtils')):
+ class utils(client.instance.interfaces.TemplatingUtils, utils):
+ pass
+
+ # if template, classname and/or request are not passed explicitely,
+ # compute form client
+ if template is None:
+ template = client.template
+ if classname is None:
+ classname = client.classname
+ if request is None:
+ request = HTMLRequest(client)
+
+ c = {
+ 'context': None,
+ 'options': {},
+ 'nothing': None,
+ 'request': request,
+ 'db': HTMLDatabase(client),
+ 'config': client.instance.config,
+ 'tracker': client.instance,
+ 'utils': utils(client),
+ 'templates': client.instance.templates,
+ 'template': template,
+ 'true': 1,
+ 'false': 0,
+ 'i18n': client.translator
+ }
+ # add in the item if there is one
+ if client.nodeid:
+ c['context'] = HTMLItem(client, classname, client.nodeid,
+ anonymous=1)
+ elif client.db.classes.has_key(classname):
+ c['context'] = HTMLClass(client, classname, anonymous=1)
+ return c
+
class RoundupPageTemplate(PageTemplate.PageTemplate):
- ''' A Roundup-specific PageTemplate.
-
- Interrogate the client to set up the various template variables to
- be available:
-
- *context*
- this is one of three things:
- 1. None - we're viewing a "home" page
- 2. The current class of item being displayed. This is an HTMLClass
- instance.
- 3. The current item from the database, if we're viewing a specific
- item, as an HTMLItem instance.
- *request*
- Includes information about the current request, including:
- - the url
- - the current index information (``filterspec``, ``filter`` args,
- ``properties``, etc) parsed out of the form.
- - methods for easy filterspec link generation
- - *user*, the current user node as an HTMLItem instance
- - *form*, the current CGI form information as a FieldStorage
- *config*
- The current tracker config.
- *db*
- The current database, used to access arbitrary database items.
- *utils*
- This is a special class that has its base in the TemplatingUtils
- class in this file. If the tracker interfaces module defines a
- TemplatingUtils class then it is mixed in, overriding the methods
- in the base class.
- '''
- def getContext(self, client, classname, request):
- # construct the TemplatingUtils class
- utils = TemplatingUtils
- if hasattr(client.instance.interfaces, 'TemplatingUtils'):
- class utils(client.instance.interfaces.TemplatingUtils, utils):
- pass
+ """A Roundup-specific PageTemplate.
- c = {
- 'options': {},
- 'nothing': None,
- 'request': request,
- 'db': HTMLDatabase(client),
- 'config': client.instance.config,
- 'tracker': client.instance,
- 'utils': utils(client),
- 'templates': Templates(client.instance.config.TEMPLATES),
- }
- # add in the item if there is one
- if client.nodeid:
- if classname == 'user':
- c['context'] = HTMLUser(client, classname, client.nodeid,
- anonymous=1)
- else:
- c['context'] = HTMLItem(client, classname, client.nodeid,
- anonymous=1)
- elif client.db.classes.has_key(classname):
- c['context'] = HTMLClass(client, classname, anonymous=1)
- return c
+ Interrogate the client to set up Roundup-specific template variables
+ to be available. See 'context' function for the list of variables.
+
+ """
+
+ # 06-jun-2004 [als] i am not sure if this method is used yet
+ def getContext(self, client, classname, request):
+ return context(client, self, classname, request)
def render(self, client, classname, request, **options):
"""Render this Page Template"""
@@ -215,33 +336,36 @@ class RoundupPageTemplate(PageTemplate.PageTemplate):
'Page Template %s has errors.'%self.id
# figure the context
- classname = classname or client.classname
- request = request or HTMLRequest(client)
- c = self.getContext(client, classname, request)
+ c = context(client, self, classname, request)
c.update({'options': options})
# and go
output = StringIO.StringIO()
- TALInterpreter(self._v_program, self.macros,
+ TALInterpreter.TALInterpreter(self._v_program, self.macros,
getEngine().getContext(c), output, tal=1, strictinsert=0)()
return output.getvalue()
+ def __repr__(self):
+ return ''%self.id
+
class HTMLDatabase:
- ''' Return HTMLClasses for valid class fetches
- '''
+ """ Return HTMLClasses for valid class fetches
+ """
def __init__(self, client):
self._client = client
+ self._ = client._
self._db = client.db
# we want config to be exposed
self.config = client.db.config
- def __getitem__(self, item, desre=re.compile(r'(?P\w+)(?P[-\d]+)')):
+ def __getitem__(self, item, desre=re.compile(r'(?P[a-zA-Z_]+)(?P[-\d]+)')):
# check to see if we're actually accessing an item
m = desre.match(item)
if m:
- self._client.db.getclass(m.group('cl'))
- return HTMLItem(self._client, m.group('cl'), m.group('id'))
+ cl = m.group('cl')
+ self._client.db.getclass(cl)
+ return HTMLItem(self._client, cl, m.group('id'))
else:
self._client.db.getclass(item)
return HTMLClass(self._client, item)
@@ -255,45 +379,135 @@ class HTMLDatabase:
def classes(self):
l = self._client.db.classes.keys()
l.sort()
- return [HTMLClass(self._client, cn) for cn in l]
-
-def lookupIds(db, prop, ids, num_re=re.compile('-?\d+')):
+ m = []
+ for item in l:
+ m.append(HTMLClass(self._client, item))
+ return m
+
+num_re = re.compile('^-?\d+$')
+
+def lookupIds(db, prop, ids, fail_ok=0, num_re=num_re, do_lookup=True):
+ """ "fail_ok" should be specified if we wish to pass through bad values
+ (most likely form values that we wish to represent back to the user)
+ "do_lookup" is there for preventing lookup by key-value (if we
+ know that the value passed *is* an id)
+ """
cl = db.getclass(prop.classname)
l = []
for entry in ids:
- if num_re.match(entry):
- l.append(entry)
- else:
+ if do_lookup:
try:
- l.append(cl.lookup(entry))
- except KeyError:
- # ignore invalid keys
+ item = cl.lookup(entry)
+ except (TypeError, KeyError):
pass
+ else:
+ l.append(item)
+ continue
+ # if fail_ok, ignore lookup error
+ # otherwise entry must be existing object id rather than key value
+ if fail_ok or num_re.match(entry):
+ l.append(entry)
+ return l
+
+def lookupKeys(linkcl, key, ids, num_re=num_re):
+ """ Look up the "key" values for "ids" list - though some may already
+ be key values, not ids.
+ """
+ l = []
+ for entry in ids:
+ if num_re.match(entry):
+ label = linkcl.get(entry, key)
+ # fall back to designator if label is None
+ if label is None: label = '%s%s'%(linkcl.classname, entry)
+ l.append(label)
+ else:
+ l.append(entry)
return l
+def _set_input_default_args(dic):
+ # 'text' is the default value anyway --
+ # but for CSS usage it should be present
+ dic.setdefault('type', 'text')
+ # useful e.g for HTML LABELs:
+ if not dic.has_key('id'):
+ try:
+ if dic['text'] in ('radio', 'checkbox'):
+ dic['id'] = '%(name)s-%(value)s' % dic
+ else:
+ dic['id'] = dic['name']
+ except KeyError:
+ pass
+
+def cgi_escape_attrs(**attrs):
+ return ' '.join(['%s="%s"'%(k,cgi.escape(str(v), True))
+ for k,v in attrs.items()])
+
+def input_html4(**attrs):
+ """Generate an 'input' (html4) element with given attributes"""
+ _set_input_default_args(attrs)
+ return ''%cgi_escape_attrs(**attrs)
+
+def input_xhtml(**attrs):
+ """Generate an 'input' (xhtml) element with given attributes"""
+ _set_input_default_args(attrs)
+ return ''%cgi_escape_attrs(**attrs)
+
+class HTMLInputMixin:
+ """ requires a _client property """
+ def __init__(self):
+ html_version = 'html4'
+ if hasattr(self._client.instance.config, 'HTML_VERSION'):
+ html_version = self._client.instance.config.HTML_VERSION
+ if html_version == 'xhtml':
+ self.input = input_xhtml
+ else:
+ self.input = input_html4
+ # self._context is used for translations.
+ # will be initialized by the first call to .gettext()
+ self._context = None
+
+ def gettext(self, msgid):
+ """Return the localized translation of msgid"""
+ if self._context is None:
+ self._context = context(self._client)
+ return self._client.translator.translate(domain="roundup",
+ msgid=msgid, context=self._context)
+
+ _ = gettext
+
class HTMLPermissions:
- ''' Helpers that provide answers to commonly asked Permission questions.
- '''
- def is_edit_ok(self):
- ''' Is the user allowed to Edit the current class?
- '''
- return self._db.security.hasPermission('Edit', self._client.userid,
- self._classname)
- def is_view_ok(self):
- ''' Is the user allowed to View the current class?
- '''
- return self._db.security.hasPermission('View', self._client.userid,
- self._classname)
- def is_only_view_ok(self):
- ''' Is the user only allowed to View (ie. not Edit) the current class?
- '''
- return self.is_view_ok() and not self.is_edit_ok()
-class HTMLClass(HTMLPermissions):
- ''' Accesses through a class (either through *class* or *db.*)
- '''
+ def view_check(self):
+ """ Raise the Unauthorised exception if the user's not permitted to
+ view this class.
+ """
+ if not self.is_view_ok():
+ raise Unauthorised("view", self._classname,
+ translator=self._client.translator)
+
+ def edit_check(self):
+ """ Raise the Unauthorised exception if the user's not permitted to
+ edit items of this class.
+ """
+ if not self.is_edit_ok():
+ raise Unauthorised("edit", self._classname,
+ translator=self._client.translator)
+
+ def retire_check(self):
+ """ Raise the Unauthorised exception if the user's not permitted to
+ retire items of this class.
+ """
+ if not self.is_retire_ok():
+ raise Unauthorised("retire", self._classname,
+ translator=self._client.translator)
+
+
+class HTMLClass(HTMLInputMixin, HTMLPermissions):
+ """ Accesses through a class (either through *class* or *db.*)
+ """
def __init__(self, client, classname, anonymous=0):
self._client = client
+ self._ = client._
self._db = client.db
self._anonymous = anonymous
@@ -303,128 +517,135 @@ class HTMLClass(HTMLPermissions):
self._klass = self._db.getclass(self.classname)
self._props = self._klass.getprops()
- html_version = 'html4'
- if hasattr(self._client.instance.config, 'HTML_VERSION'):
- html_version = self._client.instance.config.HTML_VERSION
- if html_version == 'xhtml':
- self.input = input_xhtml
- else:
- self.input = input_html4
+ HTMLInputMixin.__init__(self)
+
+ def is_edit_ok(self):
+ """ Is the user allowed to Create the current class?
+ """
+ perm = self._db.security.hasPermission
+ return perm('Web Access', self._client.userid) and perm('Create',
+ self._client.userid, self._classname)
+
+ def is_retire_ok(self):
+ """ Is the user allowed to retire items of the current class?
+ """
+ perm = self._db.security.hasPermission
+ return perm('Web Access', self._client.userid) and perm('Retire',
+ self._client.userid, self._classname)
+
+ def is_view_ok(self):
+ """ Is the user allowed to View the current class?
+ """
+ perm = self._db.security.hasPermission
+ return perm('Web Access', self._client.userid) and perm('View',
+ self._client.userid, self._classname)
+
+ def is_only_view_ok(self):
+ """ Is the user only allowed to View (ie. not Create) the current class?
+ """
+ return self.is_view_ok() and not self.is_edit_ok()
def __repr__(self):
return ''%(id(self), self.classname)
def __getitem__(self, item):
- ''' return an HTMLProperty instance
- '''
- #print 'HTMLClass.getitem', (self, item)
+ """ return an HTMLProperty instance
+ """
# we don't exist
if item == 'id':
return None
# get the property
- prop = self._props[item]
+ try:
+ prop = self._props[item]
+ except KeyError:
+ raise KeyError, 'No such property "%s" on %s'%(item, self.classname)
# look up the correct HTMLProperty class
form = self._client.form
for klass, htmlklass in propclasses:
if not isinstance(prop, klass):
continue
- if form.has_key(item):
- if isinstance(prop, hyperdb.Multilink):
- value = lookupIds(self._db, prop,
- handleListCGIValue(form[item]))
- elif isinstance(prop, hyperdb.Link):
- value = form[item].value.strip()
- if value:
- value = lookupIds(self._db, prop, [value])[0]
- else:
- value = None
- else:
- value = form[item].value.strip() or None
- else:
- if isinstance(prop, hyperdb.Multilink):
- value = []
- else:
- value = None
- return htmlklass(self._client, self._classname, '', prop, item,
+ value = prop.get_default_value()
+ return htmlklass(self._client, self._classname, None, prop, item,
value, self._anonymous)
# no good
raise KeyError, item
def __getattr__(self, attr):
- ''' convenience access '''
+ """ convenience access """
try:
return self[attr]
except KeyError:
raise AttributeError, attr
def designator(self):
- ''' Return this class' designator (classname) '''
+ """ Return this class' designator (classname) """
return self._classname
- def getItem(self, itemid, num_re=re.compile('-?\d+')):
- ''' Get an item of this class by its item id.
- '''
+ def getItem(self, itemid, num_re=num_re):
+ """ Get an item of this class by its item id.
+ """
# make sure we're looking at an itemid
- if not num_re.match(itemid):
+ if not isinstance(itemid, type(1)) and not num_re.match(itemid):
itemid = self._klass.lookup(itemid)
- if self.classname == 'user':
- klass = HTMLUser
- else:
- klass = HTMLItem
-
- return klass(self._client, self.classname, itemid)
+ return HTMLItem(self._client, self.classname, itemid)
def properties(self, sort=1):
- ''' Return HTMLProperty for all of this class' properties.
- '''
+ """ Return HTMLProperty for all of this class' properties.
+ """
l = []
for name, prop in self._props.items():
for klass, htmlklass in propclasses:
- if isinstance(prop, hyperdb.Multilink):
- value = []
- else:
- value = None
if isinstance(prop, klass):
+ value = prop.get_default_value()
l.append(htmlklass(self._client, self._classname, '',
- prop, name, value, self._anonymous))
+ prop, name, value, self._anonymous))
if sort:
l.sort(lambda a,b:cmp(a._name, b._name))
return l
- def list(self):
- ''' List all items in this class.
- '''
- if self.classname == 'user':
- klass = HTMLUser
- else:
- klass = HTMLItem
-
+ def list(self, sort_on=None):
+ """ List all items in this class.
+ """
# get the list and sort it nicely
l = self._klass.list()
- sortfunc = make_sort_function(self._db, self.classname)
+ sortfunc = make_sort_function(self._db, self._classname, sort_on)
l.sort(sortfunc)
- l = [klass(self._client, self.classname, x) for x in l]
+ # check perms
+ check = self._client.db.security.hasPermission
+ userid = self._client.userid
+ if not check('Web Access', userid):
+ return []
+
+ l = [HTMLItem(self._client, self._classname, id) for id in l
+ if check('View', userid, self._classname, itemid=id)]
+
return l
def csv(self):
- ''' Return the items of this class as a chunk of CSV text.
- '''
- if rcsv.error:
- return rcsv.error
-
+ """ Return the items of this class as a chunk of CSV text.
+ """
props = self.propnames()
s = StringIO.StringIO()
- writer = rcsv.writer(s, rcsv.comma_separated)
+ writer = csv.writer(s)
writer.writerow(props)
+ check = self._client.db.security.hasPermission
+ userid = self._client.userid
+ if not check('Web Access', userid):
+ return ''
for nodeid in self._klass.list():
l = []
for name in props:
+ # check permission to view this property on this item
+ if not check('View', userid, itemid=nodeid,
+ classname=self._klass.classname, property=name):
+ raise Unauthorised('view', self._klass.classname,
+ translator=self._client.translator)
value = self._klass.get(nodeid, name)
if value is None:
l.append('')
@@ -436,87 +657,148 @@ class HTMLClass(HTMLPermissions):
return s.getvalue()
def propnames(self):
- ''' Return the list of the names of the properties of this class.
- '''
+ """ Return the list of the names of the properties of this class.
+ """
idlessprops = self._klass.getprops(protected=0).keys()
idlessprops.sort()
return ['id'] + idlessprops
- def filter(self, request=None):
- ''' Return a list of items from this class, filtered and sorted
+ def filter(self, request=None, filterspec={}, sort=[], group=[]):
+ """ Return a list of items from this class, filtered and sorted
by the current requested filterspec/filter/sort/group args
- '''
- # XXX allow direct specification of the filterspec etc.
+
+ "request" takes precedence over the other three arguments.
+ """
+ security = self._db.security
+ userid = self._client.userid
if request is not None:
+ # for a request we asume it has already been
+ # security-filtered
filterspec = request.filterspec
sort = request.sort
group = request.group
else:
- filterspec = {}
- sort = (None,None)
- group = (None,None)
- if self.classname == 'user':
- klass = HTMLUser
- else:
- klass = HTMLItem
- l = [klass(self._client, self.classname, x)
- for x in self._klass.filter(None, filterspec, sort, group)]
+ cn = self.classname
+ filterspec = security.filterFilterspec(userid, cn, filterspec)
+ sort = security.filterSortspec(userid, cn, sort)
+ group = security.filterSortspec(userid, cn, group)
+
+ check = security.hasPermission
+ if not check('Web Access', userid):
+ return []
+
+ l = [HTMLItem(self._client, self.classname, id)
+ for id in self._klass.filter(None, filterspec, sort, group)
+ if check('View', userid, self.classname, itemid=id)]
return l
- def classhelp(self, properties=None, label='(list)', width='500',
- height='400', property=''):
- ''' Pop up a javascript window with class help
+ def classhelp(self, properties=None, label=''"(list)", width='500',
+ height='400', property='', form='itemSynopsis',
+ pagesize=50, inputtype="checkbox", sort=None, filter=None):
+ """Pop up a javascript window with class help
+
+ This generates a link to a popup window which displays the
+ properties indicated by "properties" of the class named by
+ "classname". The "properties" should be a comma-separated list
+ (eg. 'id,name,description'). Properties defaults to all the
+ properties of a class (excluding id, creator, created and
+ activity).
+
+ You may optionally override the label displayed, the width,
+ the height, the number of items per page and the field on which
+ the list is sorted (defaults to username if in the displayed
+ properties).
+
+ With the "filter" arg it is possible to specify a filter for
+ which items are supposed to be displayed. It has to be of
+ the format "=;=;...".
+
+ The popup window will be resizable and scrollable.
- This generates a link to a popup window which displays the
- properties indicated by "properties" of the class named by
- "classname". The "properties" should be a comma-separated list
- (eg. 'id,name,description'). Properties defaults to all the
- properties of a class (excluding id, creator, created and
- activity).
+ If the "property" arg is given, it's passed through to the
+ javascript help_window function.
- You may optionally override the label displayed, the width and
- height. The popup window will be resizable and scrollable.
+ You can use inputtype="radio" to display a radio box instead
+ of the default checkbox (useful for entering Link-properties)
- If the "property" arg is given, it's passed through to the
- javascript help_window function.
- '''
+ If the "form" arg is given, it's passed through to the
+ javascript help_window function. - it's the name of the form
+ the "property" belongs to.
+ """
if properties is None:
properties = self._klass.getprops(protected=0).keys()
properties.sort()
properties = ','.join(properties)
+ if sort is None:
+ if 'username' in properties.split( ',' ):
+ sort = 'username'
+ else:
+ sort = self._klass.orderprop()
+ sort = '&@sort=' + sort
if property:
property = '&property=%s'%property
- return '%s'%(self.classname, properties, property, width,
- height, label)
+ if form:
+ form = '&form=%s'%form
+ if inputtype:
+ type= '&type=%s'%inputtype
+ if filter:
+ filterprops = filter.split(';')
+ filtervalues = []
+ names = []
+ for x in filterprops:
+ (name, values) = x.split('=')
+ names.append(name)
+ filtervalues.append('&%s=%s' % (name, urllib.quote(values)))
+ filter = '&@filter=%s%s' % (','.join(names), ''.join(filtervalues))
+ else:
+ filter = ''
+ help_url = "%s?@startwith=0&@template=help&"\
+ "properties=%s%s%s%s%s&@pagesize=%s%s" % \
+ (self.classname, properties, property, form, type,
+ sort, pagesize, filter)
+ onclick = "javascript:help_window('%s', '%s', '%s');return false;" % \
+ (help_url, width, height)
+ return '%s' % \
+ (help_url, onclick, self._(label))
+
+ def submit(self, label=''"Submit New Entry", action="new"):
+ """ Generate a submit button (and action hidden element)
+
+ Generate nothing if we're not editable.
+ """
+ if not self.is_edit_ok():
+ return ''
- def submit(self, label="Submit New Entry"):
- ''' Generate a submit button (and action hidden element)
- '''
- return self.input(type="hidden",name="@action",value="new") + '\n' + \
- self.input(type="submit",name="submit",value=label)
+ return self.input(type="hidden", name="@action", value=action) + \
+ '\n' + \
+ self.input(type="submit", name="submit_button", value=self._(label))
def history(self):
- return 'New node - no history'
+ if not self.is_view_ok():
+ return self._('[hidden]')
+ return self._('New node - no history')
def renderWith(self, name, **kwargs):
- ''' Render this class with the given template.
- '''
+ """ Render this class with the given template.
+ """
# create a new request and override the specified args
req = HTMLRequest(self._client)
req.classname = self.classname
req.update(kwargs)
# new template, using the specified classname and request
- pt = Templates(self._db.config.TEMPLATES).get(self.classname, name)
+ pt = self._client.instance.templates.get(self.classname, name)
# use our fabricated request
- return pt.render(self._client, self.classname, req)
+ args = {
+ 'ok_message': self._client.ok_message,
+ 'error_message': self._client.error_message
+ }
+ return pt.render(self._client, self.classname, req, **args)
-class HTMLItem(HTMLPermissions):
- ''' Accesses through an *item*
- '''
+class _HTMLItem(HTMLInputMixin, HTMLPermissions):
+ """ Accesses through an *item*
+ """
def __init__(self, client, classname, nodeid, anonymous=0):
self._client = client
self._db = client.db
@@ -528,96 +810,151 @@ class HTMLItem(HTMLPermissions):
# do we prefix the form items with the item's identification?
self._anonymous = anonymous
+ HTMLInputMixin.__init__(self)
+
+ def is_edit_ok(self):
+ """ Is the user allowed to Edit this item?
+ """
+ perm = self._db.security.hasPermission
+ return perm('Web Access', self._client.userid) and perm('Edit',
+ self._client.userid, self._classname, itemid=self._nodeid)
+
+ def is_retire_ok(self):
+ """ Is the user allowed to Reture this item?
+ """
+ perm = self._db.security.hasPermission
+ return perm('Web Access', self._client.userid) and perm('Retire',
+ self._client.userid, self._classname, itemid=self._nodeid)
+
+ def is_view_ok(self):
+ """ Is the user allowed to View this item?
+ """
+ perm = self._db.security.hasPermission
+ if perm('Web Access', self._client.userid) and perm('View',
+ self._client.userid, self._classname, itemid=self._nodeid):
+ return 1
+ return self.is_edit_ok()
+
+ def is_only_view_ok(self):
+ """ Is the user only allowed to View (ie. not Edit) this item?
+ """
+ return self.is_view_ok() and not self.is_edit_ok()
+
def __repr__(self):
return ''%(id(self), self._classname,
self._nodeid)
def __getitem__(self, item):
- ''' return an HTMLProperty instance
- '''
- #print 'HTMLItem.getitem', (self, item)
+ """ return an HTMLProperty instance
+ this now can handle transitive lookups where item is of the
+ form x.y.z
+ """
if item == 'id':
return self._nodeid
+ items = item.split('.', 1)
+ has_rest = len(items) > 1
+
# get the property
- prop = self._props[item]
+ prop = self._props[items[0]]
+
+ if has_rest and not isinstance(prop, (hyperdb.Link, hyperdb.Multilink)):
+ raise KeyError, item
# get the value, handling missing values
value = None
if int(self._nodeid) > 0:
- value = self._klass.get(self._nodeid, item, None)
+ value = self._klass.get(self._nodeid, items[0], None)
if value is None:
- if isinstance(self._props[item], hyperdb.Multilink):
+ if isinstance(prop, hyperdb.Multilink):
value = []
# look up the correct HTMLProperty class
+ htmlprop = None
for klass, htmlklass in propclasses:
if isinstance(prop, klass):
- return htmlklass(self._client, self._classname,
- self._nodeid, prop, item, value, self._anonymous)
+ htmlprop = htmlklass(self._client, self._classname,
+ self._nodeid, prop, items[0], value, self._anonymous)
+ if htmlprop is not None:
+ if has_rest:
+ if isinstance(htmlprop, MultilinkHTMLProperty):
+ return [h[items[1]] for h in htmlprop]
+ return htmlprop[items[1]]
+ return htmlprop
raise KeyError, item
def __getattr__(self, attr):
- ''' convenience access to properties '''
+ """ convenience access to properties """
try:
return self[attr]
except KeyError:
raise AttributeError, attr
def designator(self):
- ''' Return this item's designator (classname + id) '''
+ """Return this item's designator (classname + id)."""
return '%s%s'%(self._classname, self._nodeid)
-
- def submit(self, label="Submit Changes"):
- ''' Generate a submit button (and action hidden element)
- '''
- return self.input(type="hidden",name="@action",value="edit") + '\n' + \
- self.input(type="submit",name="submit",value=label)
+
+ def is_retired(self):
+ """Is this item retired?"""
+ return self._klass.is_retired(self._nodeid)
+
+ def submit(self, label=''"Submit Changes", action="edit"):
+ """Generate a submit button.
+
+ Also sneak in the lastactivity and action hidden elements.
+ """
+ return self.input(type="hidden", name="@lastactivity",
+ value=self.activity.local(0)) + '\n' + \
+ self.input(type="hidden", name="@action", value=action) + '\n' + \
+ self.input(type="submit", name="submit_button", value=self._(label))
def journal(self, direction='descending'):
- ''' Return a list of HTMLJournalEntry instances.
- '''
+ """ Return a list of HTMLJournalEntry instances.
+ """
# XXX do this
return []
- def history(self, direction='descending', dre=re.compile('\d+')):
- l = ['
'
- '
',
- _('History'),
- '
',
- _('
Date
'),
- _('
User
'),
- _('
Action
'),
- _('
Args
'),
- '
']
+ def history(self, direction='descending', dre=re.compile('^\d+$'),
+ limit=None):
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ # pre-load the history with the current state
current = {}
- comments = {}
+ for prop_n in self._props.keys():
+ prop = self[prop_n]
+ if not isinstance(prop, HTMLProperty):
+ continue
+ current[prop_n] = prop.plain(escape=1)
+ # make link if hrefable
+ if (self._props.has_key(prop_n) and
+ isinstance(self._props[prop_n], hyperdb.Link)):
+ classname = self._props[prop_n].classname
+ try:
+ template = find_template(self._db.config.TEMPLATES,
+ classname, 'item')
+ if template[1].startswith('_generic'):
+ raise NoTemplate, 'not really...'
+ except NoTemplate:
+ pass
+ else:
+ id = self._klass.get(self._nodeid, prop_n, None)
+ current[prop_n] = '%s'%(
+ classname, id, current[prop_n])
+
+ # get the journal, sort and reverse
history = self._klass.history(self._nodeid)
history.sort()
+ history.reverse()
+
+ # restrict the volume
+ if limit:
+ history = history[:limit]
+
timezone = self._db.getUserTimezone()
- if direction == 'descending':
- history.reverse()
- for prop_n in self._props.keys():
- prop = self[prop_n]
- if isinstance(prop, HTMLProperty):
- current[prop_n] = prop.plain()
- # make link if hrefable
- if (self._props.has_key(prop_n) and
- isinstance(self._props[prop_n], hyperdb.Link)):
- classname = self._props[prop_n].classname
- try:
- template = find_template(self._db.config.TEMPLATES,
- classname, 'item')
- if template[1].startswith('_generic'):
- raise NoTemplate, 'not really...'
- except NoTemplate:
- pass
- else:
- id = self._klass.get(self._nodeid, prop_n, None)
- current[prop_n] = '%s'%(
- classname, id, current[prop_n])
-
+ l = []
+ comments = {}
for id, evt_date, user, action, args in history:
date_s = str(evt_date.local(timezone)).replace("."," ")
arg_s = ''
@@ -648,9 +985,10 @@ class HTMLItem(HTMLPermissions):
prop = None
if prop is None:
# property no longer exists
- comments['no_exist'] = _('''The indicated property
- no longer exists''')
- cell.append('%s: %s\n'%(k, str(args[k])))
+ comments['no_exist'] = self._(
+ "The indicated property no longer exists")
+ cell.append(self._('%s: %s\n')
+ % (self._(k), str(args[k])))
continue
if args[k] and (isinstance(prop, hyperdb.Multilink) or
@@ -661,8 +999,9 @@ class HTMLItem(HTMLPermissions):
linkcl = self._db.getclass(classname)
except KeyError:
labelprop = None
- comments[classname] = _('''The linked class
- %(classname)s no longer exists''')%locals()
+ comments[classname] = self._(
+ "The linked class %(classname)s no longer exists"
+ ) % locals()
labelprop = linkcl.labelprop(1)
try:
template = find_template(self._db.config.TEMPLATES,
@@ -692,19 +1031,23 @@ class HTMLItem(HTMLPermissions):
if labelprop is not None and \
labelprop != 'id':
label = linkcl.get(linkid, labelprop)
+ label = cgi.escape(label)
except IndexError:
- comments['no_link'] = _('''The
- linked node no longer
- exists''')
+ comments['no_link'] = self._(
+ "The linked node"
+ " no longer exists")
subml.append('%s'%label)
else:
if hrefable:
subml.append('%s'%(
classname, linkid, label))
+ elif label is None:
+ subml.append('%s%s'%(classname,
+ linkid))
else:
subml.append(label)
ml.append(sublabel + ', '.join(subml))
- cell.append('%s:\n %s'%(k, ', '.join(ml)))
+ cell.append('%s:\n %s'%(self._(k), ', '.join(ml)))
elif isinstance(prop, hyperdb.Link) and args[k]:
label = classname + args[k]
# if we have a label property, try to use it
@@ -712,53 +1055,75 @@ class HTMLItem(HTMLPermissions):
# there's no labelprop!
if labelprop is not None and labelprop != 'id':
try:
- label = linkcl.get(args[k], labelprop)
+ label = cgi.escape(linkcl.get(args[k],
+ labelprop))
except IndexError:
- comments['no_link'] = _('''The
- linked node no longer
- exists''')
+ comments['no_link'] = self._(
+ "The linked node"
+ " no longer exists")
cell.append(' %s,\n'%label)
# "flag" this is done .... euwww
label = None
if label is not None:
if hrefable:
- old = '%s'%(classname, args[k], label)
+ old = '%s'%(classname,
+ args[k], label)
else:
old = label;
- cell.append('%s: %s' % (k,old))
+ cell.append('%s: %s' % (self._(k), old))
if current.has_key(k):
cell[-1] += ' -> %s'%current[k]
current[k] = old
elif isinstance(prop, hyperdb.Date) and args[k]:
- d = date.Date(args[k]).local(timezone)
- cell.append('%s: %s'%(k, str(d)))
+ if args[k] is None:
+ d = ''
+ else:
+ d = date.Date(args[k],
+ translator=self._client).local(timezone)
+ cell.append('%s: %s'%(self._(k), str(d)))
if current.has_key(k):
cell[-1] += ' -> %s' % current[k]
current[k] = str(d)
elif isinstance(prop, hyperdb.Interval) and args[k]:
- d = date.Interval(args[k])
- cell.append('%s: %s'%(k, str(d)))
+ val = str(date.Interval(args[k],
+ translator=self._client))
+ cell.append('%s: %s'%(self._(k), val))
if current.has_key(k):
cell[-1] += ' -> %s'%current[k]
- current[k] = str(d)
+ current[k] = val
elif isinstance(prop, hyperdb.String) and args[k]:
- cell.append('%s: %s'%(k, cgi.escape(args[k])))
+ val = cgi.escape(args[k])
+ cell.append('%s: %s'%(self._(k), val))
+ if current.has_key(k):
+ cell[-1] += ' -> %s'%current[k]
+ current[k] = val
+
+ elif isinstance(prop, hyperdb.Boolean) and args[k] is not None:
+ val = args[k] and ''"Yes" or ''"No"
+ cell.append('%s: %s'%(self._(k), val))
if current.has_key(k):
cell[-1] += ' -> %s'%current[k]
- current[k] = cgi.escape(args[k])
+ current[k] = val
+
+ elif isinstance(prop, hyperdb.Password) and args[k] is not None:
+ val = args[k].dummystr()
+ cell.append('%s: %s'%(self._(k), val))
+ if current.has_key(k):
+ cell[-1] += ' -> %s'%current[k]
+ current[k] = val
elif not args[k]:
if current.has_key(k):
- cell.append('%s: %s'%(k, current[k]))
+ cell.append('%s: %s'%(self._(k), current[k]))
current[k] = '(no value)'
else:
- cell.append('%s: (no value)'%k)
+ cell.append(self._('%s: (no value)')%self._(k))
else:
- cell.append('%s: %s'%(k, str(args[k])))
+ cell.append('%s: %s'%(self._(k), str(args[k])))
if current.has_key(k):
cell[-1] += ' -> %s'%current[k]
current[k] = str(args[k])
@@ -766,8 +1131,9 @@ class HTMLItem(HTMLPermissions):
arg_s = ' '.join(cell)
else:
# unkown event!!
- comments['unknown'] = _('''This event is not
- handled by the history display!''')
+ comments['unknown'] = self._(
+ "This event is not handled"
+ " by the history display!")
arg_s = '' + str(args) + ''
date_s = date_s.replace(' ', ' ')
# if the user's an itemid, figure the username (older journals
@@ -775,17 +1141,31 @@ class HTMLItem(HTMLPermissions):
if dre.match(user):
user = self._db.user.get(user, 'username')
l.append('
'%entry)
+
+ if direction == 'ascending':
+ l.reverse()
+
+ l[0:0] = ['
'
+ '
',
+ self._('History'),
+ '
',
+ self._('
Date
'),
+ self._('
User
'),
+ self._('
Action
'),
+ self._('
Args
'),
+ '
']
l.append('
')
return '\n'.join(l)
def renderQueryForm(self):
- ''' Render this item, which is a query, as a search form.
- '''
+ """ Render this item, which is a query, as a search form.
+ """
# create a new request and override the specified args
req = HTMLRequest(self._client)
req.classname = self._klass.get(self._nodeid, 'klass')
@@ -794,50 +1174,73 @@ class HTMLItem(HTMLPermissions):
'&@queryname=%s'%urllib.quote(name))
# new template, using the specified classname and request
- pt = Templates(self._db.config.TEMPLATES).get(req.classname, 'search')
+ pt = self._client.instance.templates.get(req.classname, 'search')
+ # The context for a search page should be the class, not any
+ # node.
+ self._client.nodeid = None
# use our fabricated request
return pt.render(self._client, req.classname, req)
-class HTMLUser(HTMLItem):
- ''' Accesses through the *user* (a special case of item)
- '''
- def __init__(self, client, classname, nodeid, anonymous=0):
- HTMLItem.__init__(self, client, 'user', nodeid, anonymous)
- self._default_classname = client.classname
-
- # used for security checks
- self._security = client.db.security
-
+ def download_url(self):
+ """ Assume that this item is a FileClass and that it has a name
+ and content. Construct a URL for the download of the content.
+ """
+ name = self._klass.get(self._nodeid, 'name')
+ url = '%s%s/%s'%(self._classname, self._nodeid, name)
+ return urllib.quote(url)
+
+ def copy_url(self, exclude=("messages", "files")):
+ """Construct a URL for creating a copy of this item
+
+ "exclude" is an optional list of properties that should
+ not be copied to the new object. By default, this list
+ includes "messages" and "files" properties. Note that
+ "id" property cannot be copied.
+
+ """
+ exclude = ("id", "activity", "actor", "creation", "creator") \
+ + tuple(exclude)
+ query = {
+ "@template": "item",
+ "@note": self._("Copy of %(class)s %(id)s") % {
+ "class": self._(self._classname), "id": self._nodeid},
+ }
+ for name in self._props.keys():
+ if name not in exclude:
+ query[name] = self[name].plain()
+ return self._classname + "?" + "&".join(
+ ["%s=%s" % (key, urllib.quote(value))
+ for key, value in query.items()])
+
+class _HTMLUser(_HTMLItem):
+ """Add ability to check for permissions on users.
+ """
_marker = []
- def hasPermission(self, permission, classname=_marker):
- ''' Determine if the user has the Permission.
+ def hasPermission(self, permission, classname=_marker,
+ property=None, itemid=None):
+ """Determine if the user has the Permission.
- The class being tested defaults to the template's class, but may
- be overidden for this test by suppling an alternate classname.
- '''
+ The class being tested defaults to the template's class, but may
+ be overidden for this test by suppling an alternate classname.
+ """
if classname is self._marker:
- classname = self._default_classname
- return self._security.hasPermission(permission, self._nodeid, classname)
+ classname = self._client.classname
+ return self._db.security.hasPermission(permission,
+ self._nodeid, classname, property, itemid)
- def is_edit_ok(self):
- ''' Is the user allowed to Edit the current class?
- Also check whether this is the current user's info.
- '''
- return self._db.security.hasPermission('Edit', self._client.userid,
- self._classname) or (self._nodeid == self._client.userid and
- self._db.user.get(self._client.userid, 'username') != 'anonymous')
+ def hasRole(self, *rolenames):
+ """Determine whether the user has any role in rolenames."""
+ return self._db.user.has_role(self._nodeid, *rolenames)
- def is_view_ok(self):
- ''' Is the user allowed to View the current class?
- Also check whether this is the current user's info.
- '''
- return self._db.security.hasPermission('Edit', self._client.userid,
- self._classname) or (self._nodeid == self._client.userid and
- self._db.user.get(self._client.userid, 'username') != 'anonymous')
+def HTMLItem(client, classname, nodeid, anonymous=0):
+ if classname == 'user':
+ return _HTMLUser(client, classname, nodeid, anonymous)
+ else:
+ return _HTMLItem(client, classname, nodeid, anonymous)
-class HTMLProperty:
- ''' String, Number, Date, Interval HTMLProperty
+class HTMLProperty(HTMLInputMixin, HTMLPermissions):
+ """ String, Number, Date, Interval HTMLProperty
Has useful attributes:
@@ -845,11 +1248,12 @@ class HTMLProperty:
_value the value of the property if any
A wrapper object which may be stringified for the plain() behaviour.
- '''
+ """
def __init__(self, client, classname, nodeid, prop, name, value,
anonymous=0):
self._client = client
self._db = client.db
+ self._ = client._
self._classname = classname
self._nodeid = nodeid
self._prop = prop
@@ -857,21 +1261,40 @@ class HTMLProperty:
self._anonymous = anonymous
self._name = name
if not anonymous:
- self._formname = '%s%s@%s'%(classname, nodeid, name)
+ if nodeid:
+ self._formname = '%s%s@%s'%(classname, nodeid, name)
+ else:
+ # This case occurs when creating a property for a
+ # non-anonymous class.
+ self._formname = '%s@%s'%(classname, name)
else:
self._formname = name
- html_version = 'html4'
- if hasattr(self._client.instance.config, 'HTML_VERSION'):
- html_version = self._client.instance.config.HTML_VERSION
- if html_version == 'xhtml':
- self.input = input_xhtml
- else:
- self.input = input_html4
-
+ # If no value is already present for this property, see if one
+ # is specified in the current form.
+ form = self._client.form
+ if not self._value and form.has_key(self._formname):
+ if isinstance(prop, hyperdb.Multilink):
+ value = lookupIds(self._db, prop,
+ handleListCGIValue(form[self._formname]),
+ fail_ok=1)
+ elif isinstance(prop, hyperdb.Link):
+ value = form.getfirst(self._formname).strip()
+ if value:
+ value = lookupIds(self._db, prop, [value],
+ fail_ok=1)[0]
+ else:
+ value = None
+ else:
+ value = form.getfirst(self._formname).strip() or None
+ self._value = value
+
+ HTMLInputMixin.__init__(self)
+
def __repr__(self):
- return ''%(id(self), self._formname,
- self._prop, self._value)
+ classname = self.__class__.__name__
+ return '<%s(0x%x) %s %r %r>'%(classname, id(self), self._formname,
+ self._prop, self._value)
def __str__(self):
return self.plain()
def __cmp__(self, other):
@@ -879,39 +1302,135 @@ class HTMLProperty:
return cmp(self._value, other._value)
return cmp(self._value, other)
+ def __nonzero__(self):
+ return not not self._value
+
+ def isset(self):
+ """Is my _value not None?"""
+ return self._value is not None
+
+ def is_edit_ok(self):
+ """Should the user be allowed to use an edit form field for this
+ property. Check "Create" for new items, or "Edit" for existing
+ ones.
+ """
+ perm = self._db.security.hasPermission
+ userid = self._client.userid
+ if self._nodeid:
+ if not perm('Web Access', userid):
+ return False
+ return perm('Edit', userid, self._classname, self._name,
+ self._nodeid)
+ return perm('Create', userid, self._classname, self._name) or \
+ perm('Register', userid, self._classname, self._name)
+
+ def is_view_ok(self):
+ """ Is the user allowed to View the current class?
+ """
+ perm = self._db.security.hasPermission
+ if perm('Web Access', self._client.userid) and perm('View',
+ self._client.userid, self._classname, self._name, self._nodeid):
+ return 1
+ return self.is_edit_ok()
+
class StringHTMLProperty(HTMLProperty):
- hyper_re = re.compile(r'((?P\w{3,6}://\S+)|'
- r'(?P[-+=%/\w\.]+@[\w\.\-]+)|'
- r'(?P(?P[a-z_]+)(?P\d+)))')
+ hyper_re = re.compile(r'''(
+ (?P
+ (
+ (ht|f)tp(s?):// # protocol
+ ([\w]+(:\w+)?@)? # username/password
+ ([\w\-]+) # hostname
+ ((\.[\w-]+)+)? # .domain.etc
+ | # ... or ...
+ ([\w]+(:\w+)?@)? # username/password
+ www\. # "www."
+ ([\w\-]+\.)+ # hostname
+ [\w]{2,5} # TLD
+ )
+ (:[\d]{1,5})? # port
+ (/[\w\-$.+!*(),;:@&=?/~\\#%]*)? # path etc.
+ )|
+ (?P[-+=%/\w\.]+@[\w\.\-]+)|
+ (?P(?P[A-Za-z_]+)(\s*)(?P\d+))
+ )''', re.X | re.I)
+ protocol_re = re.compile('^(ht|f)tp(s?)://', re.I)
+
+
+
def _hyper_repl(self, match):
+ if match.group('url'):
+ return self._hyper_repl_url(match, '%s%s')
+ elif match.group('email'):
+ return self._hyper_repl_email(match, '%s')
+ elif len(match.group('id')) < 10:
+ return self._hyper_repl_item(match,
+ '%(item)s')
+ else:
+ # just return the matched text
+ return match.group(0)
+
+ def _hyper_repl_url(self, match, replacement):
+ u = s = match.group('url')
+ if not self.protocol_re.search(s):
+ u = 'http://' + s
+ end = ''
+ if '>' in s:
+ # catch an escaped ">" in the URL
+ pos = s.find('>')
+ end = s[pos:]
+ u = s = s[:pos]
+ if ')' in s and s.count('(') != s.count(')'):
+ # don't include extraneous ')' in the link
+ pos = s.rfind(')')
+ end = s[pos:] + end
+ u = s = s[:pos]
+ return replacement % (u, s, end)
+
+ def _hyper_repl_email(self, match, replacement):
+ s = match.group('email')
+ return replacement % (s, s)
+
+ def _hyper_repl_item(self, match, replacement):
+ item = match.group('item')
+ cls = match.group('class').lower()
+ id = match.group('id')
+ try:
+ # make sure cls is a valid tracker classname
+ cl = self._db.getclass(cls)
+ if not cl.hasnode(id):
+ return item
+ return replacement % locals()
+ except KeyError:
+ return item
+
+
+ def _hyper_repl_rst(self, match):
if match.group('url'):
s = match.group('url')
- return '%s'%(s, s)
+ return '`%s <%s>`_'%(s, s)
elif match.group('email'):
s = match.group('email')
- return '%s'%(s, s)
+ return '`%s `_'%(s, s)
+ elif len(match.group('id')) < 10:
+ return self._hyper_repl_item(match,'`%(item)s <%(cls)s%(id)s>`_')
else:
- s = match.group('item')
- s1 = match.group('class')
- s2 = match.group('id')
- try:
- # make sure s1 is a valid tracker classname
- self._db.getclass(s1)
- return '%s %s'%(s, s1, s2)
- except KeyError:
- return '%s%s'%(s1, s2)
+ # just return the matched text
+ return match.group(0)
def hyperlinked(self):
- ''' Render a "hyperlinked" version of the text '''
+ """ Render a "hyperlinked" version of the text """
return self.plain(hyperlink=1)
def plain(self, escape=0, hyperlink=0):
- ''' Render a "plain" representation of the property
-
- "escape" turns on/off HTML quoting
- "hyperlink" turns on/off in-text hyperlinking of URLs, email
- addresses and designators
- '''
+ """Render a "plain" representation of the property
+
+ - "escape" turns on/off HTML quoting
+ - "hyperlink" turns on/off in-text hyperlinking of URLs, email
+ addresses and designators
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if self._value is None:
return ''
if escape:
@@ -925,44 +1444,112 @@ class StringHTMLProperty(HTMLProperty):
s = self.hyper_re.sub(self._hyper_repl, s)
return s
- def stext(self, escape=0):
- ''' Render the value of the property as StructuredText.
+ def wrapped(self, escape=1, hyperlink=1):
+ """Render a "wrapped" representation of the property.
+
+ We wrap long lines at 80 columns on the nearest whitespace. Lines
+ with no whitespace are not broken to force wrapping.
+
+ Note that unlike plain() we default wrapped() to have the escaping
+ and hyperlinking turned on since that's the most common usage.
+
+ - "escape" turns on/off HTML quoting
+ - "hyperlink" turns on/off in-text hyperlinking of URLs, email
+ addresses and designators
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ if self._value is None:
+ return ''
+ s = support.wrap(str(self._value), width=80)
+ if escape:
+ s = cgi.escape(s)
+ if hyperlink:
+ # no, we *must* escape this text
+ if not escape:
+ s = cgi.escape(s)
+ s = self.hyper_re.sub(self._hyper_repl, s)
+ return s
+
+ def stext(self, escape=0, hyperlink=1):
+ """ Render the value of the property as StructuredText.
This requires the StructureText module to be installed separately.
- '''
- s = self.plain(escape=escape)
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ s = self.plain(escape=escape, hyperlink=hyperlink)
if not StructuredText:
return s
return StructuredText(s,level=1,header=0)
- def field(self, size = 30):
- ''' Render a form edit field for the property
- '''
- if self._value is None:
+ def rst(self, hyperlink=1):
+ """ Render the value of the property as ReStructuredText.
+
+ This requires docutils to be installed separately.
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ if not ReStructuredText:
+ return self.plain(escape=0, hyperlink=hyperlink)
+ s = self.plain(escape=0, hyperlink=0)
+ if hyperlink:
+ s = self.hyper_re.sub(self._hyper_repl_rst, s)
+ return ReStructuredText(s, writer_name="html")["html_body"].encode("utf-8",
+ "replace")
+
+ def field(self, **kwargs):
+ """ Render the property as a field in HTML.
+
+ If not editable, just display the value via plain().
+ """
+ if not self.is_edit_ok():
+ return self.plain(escape=1)
+
+ value = self._value
+ if value is None:
value = ''
- else:
- value = cgi.escape(str(self._value))
- value = '"'.join(value.split('"'))
- return self.input(name=self._formname,value=value,size=size)
- def multiline(self, escape=0, rows=5, cols=40):
- ''' Render a multiline form edit field for the property
- '''
+ kwargs.setdefault("size", 30)
+ kwargs.update({"name": self._formname, "value": value})
+ return self.input(**kwargs)
+
+ def multiline(self, escape=0, rows=5, cols=40, **kwargs):
+ """ Render a multiline form edit field for the property.
+
+ If not editable, just display the plain() value in a
tag.
+ """
+ if not self.is_edit_ok():
+ return '
%s
'%self.plain()
+
if self._value is None:
value = ''
else:
value = cgi.escape(str(self._value))
+
value = '"'.join(value.split('"'))
- return ''%(
- self._formname, rows, cols, value)
+ name = self._formname
+ passthrough_args = cgi_escape_attrs(**kwargs)
+ return ('') % locals()
def email(self, escape=1):
- ''' Render the value of the property as an obscured email address
- '''
- if self._value is None: value = ''
- else: value = str(self._value)
- if value.find('@') != -1:
- name, domain = value.split('@')
+ """ Render the value of the property as an obscured email address
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ if self._value is None:
+ value = ''
+ else:
+ value = str(self._value)
+ split = value.split('@')
+ if len(split) == 2:
+ name, domain = split
domain = ' '.join(domain.split('.')[:-1])
name = name.replace('.', ' ')
value = '%s at %s ...'%(name, domain)
@@ -973,163 +1560,348 @@ class StringHTMLProperty(HTMLProperty):
return value
class PasswordHTMLProperty(HTMLProperty):
- def plain(self):
- ''' Render a "plain" representation of the property
- '''
+ def plain(self, escape=0):
+ """ Render a "plain" representation of the property
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if self._value is None:
return ''
- return _('*encrypted*')
+ value = self._value.dummystr()
+ if escape:
+ value = cgi.escape(value)
+ return value
- def field(self, size = 30):
- ''' Render a form edit field for the property.
- '''
- return self.input(type="password", name=self._formname, size=size)
+ def field(self, size=30, **kwargs):
+ """ Render a form edit field for the property.
- def confirm(self, size = 30):
- ''' Render a second form edit field for the property, used for
+ If not editable, just display the value via plain().
+ """
+ if not self.is_edit_ok():
+ return self.plain(escape=1)
+
+ return self.input(type="password", name=self._formname, size=size,
+ **kwargs)
+
+ def confirm(self, size=30):
+ """ Render a second form edit field for the property, used for
confirmation that the user typed the password correctly. Generates
a field with name "@confirm@name".
- '''
- return self.input(type="password", name="@confirm@%s"%self._formname,
+
+ If not editable, display nothing.
+ """
+ if not self.is_edit_ok():
+ return ''
+
+ return self.input(type="password",
+ name="@confirm@%s"%self._formname,
+ id="%s-confirm"%self._formname,
size=size)
class NumberHTMLProperty(HTMLProperty):
- def plain(self):
- ''' Render a "plain" representation of the property
- '''
- return str(self._value)
+ def plain(self, escape=0):
+ """ Render a "plain" representation of the property
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
- def field(self, size = 30):
- ''' Render a form edit field for the property
- '''
if self._value is None:
+ return ''
+
+ return str(self._value)
+
+ def field(self, size=30, **kwargs):
+ """ Render a form edit field for the property.
+
+ If not editable, just display the value via plain().
+ """
+ if not self.is_edit_ok():
+ return self.plain(escape=1)
+
+ value = self._value
+ if value is None:
value = ''
- else:
- value = cgi.escape(str(self._value))
- value = '"'.join(value.split('"'))
- return self.input(name=self._formname,value=value,size=size)
+
+ return self.input(name=self._formname, value=value, size=size,
+ **kwargs)
def __int__(self):
- ''' Return an int of me
- '''
+ """ Return an int of me
+ """
return int(self._value)
def __float__(self):
- ''' Return a float of me
- '''
+ """ Return a float of me
+ """
return float(self._value)
class BooleanHTMLProperty(HTMLProperty):
- def plain(self):
- ''' Render a "plain" representation of the property
- '''
+ def plain(self, escape=0):
+ """ Render a "plain" representation of the property
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if self._value is None:
return ''
- return self._value and "Yes" or "No"
+ return self._value and self._("Yes") or self._("No")
- def field(self):
- ''' Render a form edit field for the property
- '''
- checked = self._value and "checked" or ""
- if self._value:
- s = self.input(type="radio",name=self._formname,value="yes",checked="checked")
- s += 'Yes'
- s +=self.input(type="radio",name=self._formname,value="no")
- s += 'No'
+ def field(self, **kwargs):
+ """ Render a form edit field for the property
+
+ If not editable, just display the value via plain().
+ """
+ if not self.is_edit_ok():
+ return self.plain(escape=1)
+
+ value = self._value
+ if isinstance(value, str) or isinstance(value, unicode):
+ value = value.strip().lower() in ('checked', 'yes', 'true',
+ 'on', '1')
+
+ checked = value and "checked" or ""
+ if value:
+ s = self.input(type="radio", name=self._formname, value="yes",
+ checked="checked", **kwargs)
+ s += self._('Yes')
+ s +=self.input(type="radio", name=self._formname, value="no",
+ **kwargs)
+ s += self._('No')
else:
- s = self.input(type="radio",name=self._formname,value="yes")
- s += 'Yes'
- s +=self.input(type="radio",name=self._formname,value="no",checked="checked")
- s += 'No'
+ s = self.input(type="radio", name=self._formname, value="yes",
+ **kwargs)
+ s += self._('Yes')
+ s +=self.input(type="radio", name=self._formname, value="no",
+ checked="checked", **kwargs)
+ s += self._('No')
return s
class DateHTMLProperty(HTMLProperty):
- def plain(self):
- ''' Render a "plain" representation of the property
- '''
+
+ _marker = []
+
+ def __init__(self, client, classname, nodeid, prop, name, value,
+ anonymous=0, offset=None):
+ HTMLProperty.__init__(self, client, classname, nodeid, prop, name,
+ value, anonymous=anonymous)
+ if self._value and not (isinstance(self._value, str) or
+ isinstance(self._value, unicode)):
+ self._value.setTranslator(self._client.translator)
+ self._offset = offset
+ if self._offset is None :
+ self._offset = self._prop.offset (self._db)
+
+ def plain(self, escape=0):
+ """ Render a "plain" representation of the property
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if self._value is None:
return ''
- return str(self._value.local(self._db.getUserTimezone()))
+ if self._offset is None:
+ offset = self._db.getUserTimezone()
+ else:
+ offset = self._offset
+ return str(self._value.local(offset))
- def now(self):
- ''' Return the current time.
+ def now(self, str_interval=None):
+ """ Return the current time.
This is useful for defaulting a new value. Returns a
DateHTMLProperty.
- '''
- return DateHTMLProperty(self._client, self._nodeid, self._prop,
- self._formname, date.Date('.'))
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ ret = date.Date('.', translator=self._client)
+
+ if isinstance(str_interval, basestring):
+ sign = 1
+ if str_interval[0] == '-':
+ sign = -1
+ str_interval = str_interval[1:]
+ interval = date.Interval(str_interval, translator=self._client)
+ if sign > 0:
+ ret = ret + interval
+ else:
+ ret = ret - interval
- def field(self, size = 30):
- ''' Render a form edit field for the property
- '''
- if self._value is None:
+ return DateHTMLProperty(self._client, self._classname, self._nodeid,
+ self._prop, self._formname, ret)
+
+ def field(self, size=30, default=None, format=_marker, popcal=True,
+ **kwargs):
+ """Render a form edit field for the property
+
+ If not editable, just display the value via plain().
+
+ If "popcal" then include the Javascript calendar editor.
+ Default=yes.
+
+ The format string is a standard python strftime format string.
+ """
+ if not self.is_edit_ok():
+ if format is self._marker:
+ return self.plain(escape=1)
+ else:
+ return self.pretty(format)
+
+ value = self._value
+
+ if value is None:
+ if default is None:
+ raw_value = None
+ else:
+ if isinstance(default, basestring):
+ raw_value = date.Date(default, translator=self._client)
+ elif isinstance(default, date.Date):
+ raw_value = default
+ elif isinstance(default, DateHTMLProperty):
+ raw_value = default._value
+ else:
+ raise ValueError, self._('default value for '
+ 'DateHTMLProperty must be either DateHTMLProperty '
+ 'or string date representation.')
+ elif isinstance(value, str) or isinstance(value, unicode):
+ # most likely erroneous input to be passed back to user
+ if isinstance(value, unicode): value = value.encode('utf8')
+ return self.input(name=self._formname, value=value, size=size,
+ **kwargs)
+ else:
+ raw_value = value
+
+ if raw_value is None:
value = ''
+ elif isinstance(raw_value, str) or isinstance(raw_value, unicode):
+ if format is self._marker:
+ value = raw_value
+ else:
+ value = date.Date(raw_value).pretty(format)
else:
- value = cgi.escape(str(self._value.local(self._db.getUserTimezone())))
- value = '"'.join(value.split('"'))
- return self.input(name=self._formname,value=value,size=size)
+ if self._offset is None :
+ offset = self._db.getUserTimezone()
+ else :
+ offset = self._offset
+ value = raw_value.local(offset)
+ if format is not self._marker:
+ value = value.pretty(format)
+
+ s = self.input(name=self._formname, value=value, size=size,
+ **kwargs)
+ if popcal:
+ s += self.popcal()
+ return s
def reldate(self, pretty=1):
- ''' Render the interval between the date and now.
+ """ Render the interval between the date and now.
If the "pretty" flag is true, then make the display pretty.
- '''
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if not self._value:
return ''
# figure the interval
- interval = self._value - date.Date('.')
+ interval = self._value - date.Date('.', translator=self._client)
if pretty:
return interval.pretty()
return str(interval)
- _marker = []
def pretty(self, format=_marker):
- ''' Render the date in a pretty format (eg. month names, spaces).
+ """ Render the date in a pretty format (eg. month names, spaces).
The format string is a standard python strftime format string.
Note that if the day is zero, and appears at the start of the
string, then it'll be stripped from the output. This is handy
- for the situatin when a date only specifies a month and a year.
- '''
- if format is not self._marker:
- return self._value.pretty(format)
+ for the situation when a date only specifies a month and a year.
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ if self._offset is None:
+ offset = self._db.getUserTimezone()
+ else:
+ offset = self._offset
+
+ if not self._value:
+ return ''
+ elif format is not self._marker:
+ return self._value.local(offset).pretty(format)
else:
- return self._value.pretty()
+ return self._value.local(offset).pretty()
def local(self, offset):
- ''' Return the date/time as a local (timezone offset) date/time.
- '''
- return DateHTMLProperty(self._client, self._nodeid, self._prop,
- self._formname, self._value.local(offset))
+ """ Return the date/time as a local (timezone offset) date/time.
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
+ return DateHTMLProperty(self._client, self._classname, self._nodeid,
+ self._prop, self._formname, self._value, offset=offset)
+
+ def popcal(self, width=300, height=200, label="(cal)",
+ form="itemSynopsis"):
+ """Generate a link to a calendar pop-up window.
+
+ item: HTMLProperty e.g.: context.deadline
+ """
+ if self.isset():
+ date = "&date=%s"%self._value
+ else :
+ date = ""
+ return ('%s'%(self._classname, self._name, form, date, width,
+ height, label))
class IntervalHTMLProperty(HTMLProperty):
- def plain(self):
- ''' Render a "plain" representation of the property
- '''
+ def __init__(self, client, classname, nodeid, prop, name, value,
+ anonymous=0):
+ HTMLProperty.__init__(self, client, classname, nodeid, prop,
+ name, value, anonymous)
+ if self._value and not isinstance(self._value, (str, unicode)):
+ self._value.setTranslator(self._client.translator)
+
+ def plain(self, escape=0):
+ """ Render a "plain" representation of the property
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if self._value is None:
return ''
return str(self._value)
def pretty(self):
- ''' Render the interval in a pretty format (eg. "yesterday")
- '''
+ """ Render the interval in a pretty format (eg. "yesterday")
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
return self._value.pretty()
- def field(self, size = 30):
- ''' Render a form edit field for the property
- '''
- if self._value is None:
+ def field(self, size=30, **kwargs):
+ """ Render a form edit field for the property
+
+ If not editable, just display the value via plain().
+ """
+ if not self.is_edit_ok():
+ return self.plain(escape=1)
+
+ value = self._value
+ if value is None:
value = ''
- else:
- value = cgi.escape(str(self._value))
- value = '"'.join(value.split('"'))
- return self.input(name=self._formname,value=value,size=size)
+
+ return self.input(name=self._formname, value=value, size=size,
+ **kwargs)
class LinkHTMLProperty(HTMLProperty):
- ''' Link HTMLProperty
+ """ Link HTMLProperty
Include the above as well as being able to access the class
information. Stringifying the object itself results in the value
from the item being displayed. Accessing attributes of this object
@@ -1137,7 +1909,7 @@ class LinkHTMLProperty(HTMLProperty):
property accessed (so item/assignedto/name would look up the user
entry identified by the assignedto property on item, and then the
name property of that user)
- '''
+ """
def __init__(self, *args, **kw):
HTMLProperty.__init__(self, *args, **kw)
# if we're representing a form value, then the -1 from the form really
@@ -1146,98 +1918,139 @@ class LinkHTMLProperty(HTMLProperty):
self._value = None
def __getattr__(self, attr):
- ''' return a new HTMLItem '''
- #print 'Link.getattr', (self, attr, self._value)
+ """ return a new HTMLItem """
if not self._value:
- raise AttributeError, "Can't access missing value"
- if self._prop.classname == 'user':
- klass = HTMLUser
- else:
- klass = HTMLItem
- i = klass(self._client, self._prop.classname, self._value)
+ # handle a special page templates lookup
+ if attr == '__render_with_namespace__':
+ def nothing(*args, **kw):
+ return ''
+ return nothing
+ msg = self._('Attempt to look up %(attr)s on a missing value')
+ return MissingValue(msg%locals())
+ i = HTMLItem(self._client, self._prop.classname, self._value)
return getattr(i, attr)
def plain(self, escape=0):
- ''' Render a "plain" representation of the property
- '''
+ """ Render a "plain" representation of the property
+ """
+ if not self.is_view_ok():
+ return self._('[hidden]')
+
if self._value is None:
return ''
linkcl = self._db.classes[self._prop.classname]
k = linkcl.labelprop(1)
- value = str(linkcl.get(self._value, k))
+ if num_re.match(self._value):
+ try:
+ value = str(linkcl.get(self._value, k))
+ except IndexError:
+ value = self._value
+ else :
+ value = self._value
if escape:
value = cgi.escape(value)
return value
- def field(self, showid=0, size=None):
- ''' Render a form edit field for the property
- '''
+ def field(self, showid=0, size=None, **kwargs):
+ """ Render a form edit field for the property
+
+ If not editable, just display the value via plain().
+ """
+ if not self.is_edit_ok():
+ return self.plain(escape=1)
+
+ # edit field
linkcl = self._db.getclass(self._prop.classname)
- if linkcl.getprops().has_key('order'):
- sort_on = 'order'
- else:
- sort_on = linkcl.labelprop()
- options = linkcl.filter(None, {}, ('+', sort_on), (None, None))
- # TODO: make this a field display, not a menu one!
- l = ['')
- return '\n'.join(l)
-
- def menu(self, size=None, height=None, showid=0, additional=[],
- **conditions):
- ''' Render a form select list for this property
- '''
- value = self._value
+ value = self._value
+ return self.input(name=self._formname, value=value, size=size,
+ **kwargs)
+
+ def menu(self, size=None, height=None, showid=0, additional=[], value=None,
+ sort_on=None, html_kwargs={}, translate=True, **conditions):
+ """ Render a form select list for this property
+
+ "size" is used to limit the length of the list labels
+ "height" is used to set the