Mercurial > p > roundup > code
comparison roundup/cgi/actions.py @ 5192:302e3a1a7190
Three sets of changes:
1) Make sure that a user doesn't create a query with the same name
as an existing query that the user owns.
2) When submitting a new named query, display the name of the query
on the index page.
3) Allow optional arguments to indexargs_url by setting their value
to None. This will show the argument only if there is a valid
value.
To match these, changed the template for all search templates so if an
error is thrown due to #1 the user stays on the search page so they
can fix the issue.
Note that I did not add automated tests for these because I couldn't
find existing tests for these code paths that I could adapt. I don't
understand how the existing Action tests work and there is no doc for
them.
| author | rouilj@uland |
|---|---|
| date | Wed, 08 Mar 2017 22:04:15 -0500 |
| parents | 4f99aad7e8e8 |
| children | a9ace22e0a2f |
comparison
equal
deleted
inserted
replaced
| 5191:fe52cab8f5b5 | 5192:302e3a1a7190 |
|---|---|
| 297 url = self.getCurrentURL(req) | 297 url = self.getCurrentURL(req) |
| 298 | 298 |
| 299 key = self.db.query.getkey() | 299 key = self.db.query.getkey() |
| 300 if key: | 300 if key: |
| 301 # edit the old way, only one query per name | 301 # edit the old way, only one query per name |
| 302 # Note that use of queryname as key will automatically | |
| 303 # raise an error if there are duplicate names. | |
| 302 try: | 304 try: |
| 303 qid = self.db.query.lookup(old_queryname) | 305 qid = self.db.query.lookup(old_queryname) |
| 304 if not self.hasPermission('Edit', 'query', itemid=qid): | 306 if not self.hasPermission('Edit', 'query', itemid=qid): |
| 305 raise exceptions.Unauthorised(self._( | 307 raise exceptions.Unauthorised(self._( |
| 306 "You do not have permission to edit queries")) | 308 "You do not have permission to edit queries")) |
| 311 raise exceptions.Unauthorised(self._( | 313 raise exceptions.Unauthorised(self._( |
| 312 "You do not have permission to store queries")) | 314 "You do not have permission to store queries")) |
| 313 qid = self.db.query.create(name=queryname, | 315 qid = self.db.query.create(name=queryname, |
| 314 klass=self.classname, url=url) | 316 klass=self.classname, url=url) |
| 315 else: | 317 else: |
| 318 uid = self.db.getuid() | |
| 319 | |
| 320 # if the queryname is being changed from the old | |
| 321 # (original) value, make sure new queryname is not | |
| 322 # already in use by user. | |
| 323 # if in use, return to edit/search screen and let | |
| 324 # user change it. | |
| 325 | |
| 326 if old_queryname != queryname: | |
| 327 # we have a name change | |
| 328 qids = self.db.query.filter(None, {'name': queryname, | |
| 329 'creator': uid}) | |
| 330 for qid in qids: | |
| 331 # require an exact name match | |
| 332 if queryname != self.db.query.get(qid, 'name'): | |
| 333 continue | |
| 334 # whoops we found a duplicate; report error and return | |
| 335 message=_("You already own a query named '%s'. Please choose another name.")%(queryname) | |
| 336 self.client.add_error_message(message) | |
| 337 return | |
| 338 | |
| 316 # edit the new way, query name not a key any more | 339 # edit the new way, query name not a key any more |
| 317 # see if we match an existing private query | 340 # see if we match an existing private query |
| 318 uid = self.db.getuid() | |
| 319 qids = self.db.query.filter(None, {'name': old_queryname, | 341 qids = self.db.query.filter(None, {'name': old_queryname, |
| 320 'private_for': uid}) | 342 'private_for': uid}) |
| 321 if not qids: | 343 if not qids: |
| 322 # ok, so there's not a private query for the current user | 344 # ok, so there's not a private query for the current user |
| 323 # - see if there's one created by them | 345 # - see if there's one created by them |
| 348 queries.append(qid) | 370 queries.append(qid) |
| 349 self.db.user.set(self.userid, queries=queries) | 371 self.db.user.set(self.userid, queries=queries) |
| 350 | 372 |
| 351 # commit the query change to the database | 373 # commit the query change to the database |
| 352 self.db.commit() | 374 self.db.commit() |
| 375 | |
| 376 # This redirects to the index page. Add the @dispname | |
| 377 # url param to the request so that the query name | |
| 378 # is displayed. | |
| 379 req.form.list.append( | |
| 380 cgi.MiniFieldStorage( | |
| 381 "@dispname", queryname | |
| 382 ) | |
| 383 ) | |
| 384 | |
| 353 | 385 |
| 354 def fakeFilterVars(self): | 386 def fakeFilterVars(self): |
| 355 """Add a faked :filter form variable for each filtering prop.""" | 387 """Add a faked :filter form variable for each filtering prop.""" |
| 356 cls = self.db.classes[self.classname] | 388 cls = self.db.classes[self.classname] |
| 357 for key in self.form: | 389 for key in self.form: |