Mercurial > p > roundup > code
view templates/minimal/html/page.html @ 3971:ff3a8b7d1819 1.4.4
security fixes
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Sat, 01 Mar 2008 08:18:07 +0000 |
| parents | 3a4cce7e77fb |
| children |
line wrap: on
line source
<!-- vim:sw=2 sts=2 --><tal:block metal:define-macro="icing" ><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title metal:define-slot="head_title">title goes here</title> <link rel="stylesheet" type="text/css" href="@@file/style.css"> <meta http-equiv="Content-Type" tal:attributes="content string:text/html;; charset=${request/client/charset}" /> <script tal:replace="structure request/base_javascript"> </script> <metal:x define-slot="more-javascript" /> </head> <body class="body"> <table class="body" tal:define=" kw_edit python:request.user.hasPermission('Edit', 'keyword'); kw_create python:request.user.hasPermission('Create', 'keyword'); kw_edit_link python:kw_edit and db.keyword.list(); columns string:id,activity,title,creator,status; columns_showall string:id,activity,title,creator,assignedto,status; status_notresolved string:-1,1,2,3,4,5,6,7; " > <tr> <td class="page-header-left"> </td> <td class="page-header-top"> <div id="body-title"> <h2><span metal:define-slot="body_title">body title</span></h2> </div> <div id="searchbox"> <form method="GET" action="issue"> <input type="hidden" name="@columns" tal:attributes="value columns_showall" value="id,activity,title,creator,assignedto,status"/> <input type="hidden" name="@sort" value="activity"/> <input type="hidden" name="@group" value="priority"/> <input id="search-text" name="@search_text" size="10" tal:attributes="value request/search_text"/> <input type="submit" id="submit" name="submit" value="Search" i18n:attributes="value" /> </form> </div> </td> </tr> <tr> <td rowspan="2" valign="top" class="sidebar"> <p class="classblock" tal:condition="python:request.user.hasPermission('View', 'query')"> <span i18n:translate="" ><b>Your Queries</b> (<a href="query?@template=edit">edit</a>)</span><br> <tal:block tal:repeat="qs request/user/queries"> <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}" tal:content="qs/name">link</a><br> </tal:block> </p> <form method="POST" tal:attributes="action request/base"> <p class="classblock" tal:condition="python:request.user.hasPermission('View', 'issue')"> <b i18n:translate="">Issues</b><br> <span tal:condition="python:request.user.hasPermission('Create', 'issue')"> <a href="issue?@template=item" i18n:translate="">Create New</a><br> </span> <a href="#" tal:attributes="href python:request.indexargs_url('issue', { '@sort': '-activity', '@group': 'priority', '@filter': 'status,assignedto', '@columns': columns, '@search_text': '', 'status': status_notresolved, 'assignedto': '-1', '@dispname': i18n.gettext('Show Unassigned'), })" i18n:translate="">Show Unassigned</a><br> <a href="#" tal:attributes="href python:request.indexargs_url('issue', { '@sort': '-activity', '@group': 'priority', '@filter': 'status', '@columns': columns_showall, '@search_text': '', 'status': status_notresolved, '@dispname': i18n.gettext('Show All'), })" i18n:translate="">Show All</a><br> <a href="issue?@template=search" i18n:translate="">Search</a><br> <input type="submit" class="form-small" value="Show issue:" i18n:attributes="value"><input class="form-small" size="4" type="text" name="@number"> <input type="hidden" name="@type" value="issue"> <input type="hidden" name="@action" value="show"> </p> </form> <p class="classblock" tal:condition="python:kw_edit or kw_create"> <b i18n:translate="">Keywords</b><br> <span tal:condition="python:request.user.hasPermission('Create', 'keyword')"> <a href="keyword?@template=item" i18n:translate="">Create New</a><br> </span> <span tal:condition="kw_edit_link"> <a href="keyword?@template=item" i18n:translate="">Edit Existing</a><br> </span> </p> <p class="classblock" tal:condition="python:request.user.hasPermission('View', 'user')"> <b i18n:translate="">Administration</b><br> <span tal:condition="python:request.user.hasPermission('Edit', None)"> <a href="home?@template=classlist" i18n:translate="">Class List</a><br> </span> <span tal:condition="python:request.user.hasPermission('View', 'user') or request.user.hasPermission('Edit', 'user')"> <a href="user" i18n:translate="">User List</a><br> </span> <a tal:condition="python:request.user.hasPermission('Create', 'user')" href="user?@template=item" i18n:translate="">Add User</a> </p> <form method="POST" tal:condition="python:request.user.username=='anonymous'" tal:attributes="action request/base"> <p class="userblock"> <b i18n:translate="">Login</b><br> <input size="10" name="__login_name"><br> <input size="10" type="password" name="__login_password"><br> <input type="hidden" name="@action" value="Login"> <input type="checkbox" name="remember" id="remember"> <label for="remember" i18n:translate="">Remember me?</label><br> <input type="submit" value="Login" i18n:attributes="value"><br> <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}"> <span tal:replace="structure request/indexargs_form" /> <a href="user?@template=register" tal:condition="python:request.user.hasPermission('Create', 'user')" i18n:translate="">Register</a><br> <a href="user?@template=forgotten" i18n:translate="">Lost your login?</a><br> </p> </form> <p class="userblock" tal:condition="python:request.user.username != 'anonymous'"> <b i18n:translate="">Hello, <span i18n:name="user" tal:replace="python:request.user.username.plain(escape=1)">username</span></b><br> <a href="#" tal:attributes="href string:user${request/user/id}" i18n:translate="">Your Details</a><br> <a href="#" tal:attributes="href python:request.indexargs_url('', {'@action':'logout'})" i18n:translate="">Logout</a> </p> <p class="userblock"> <b i18n:translate="">Help</b><br> <a href="http://roundup.sourceforge.net/doc-1.0/" i18n:translate="">Roundup docs</a> </p> </td> <td> <p tal:condition="options/error_message | nothing" class="error-message" tal:repeat="m options/error_message" tal:content="structure m" /> <p tal:condition="options/ok_message | nothing" class="ok-message"> <span tal:repeat="m options/ok_message" tal:content="structure string:$m <br/ > " /> <a class="form-small" tal:attributes="href request/current_url" i18n:translate="">clear this message</a> </p> </td> </tr> <tr> <td class="content" metal:define-slot="content">Page content goes here</td> </tr> </table> <pre tal:condition="request/form/debug | nothing" tal:content="request"> </pre> </body> </html> </tal:block> <!-- The following macros are intended to be used in search pages. The invoking context must define a "name" variable which names the property being searched. See issue.search.html in the classic template for examples. --> <!-- creates a th and a label: --> <th metal:define-macro="th_label" tal:define="required required | python:[]" tal:attributes="class python:(name in required) and 'required' or nothing"> <label tal:attributes="for name" tal:content="label" i18n:translate="">text</label> <metal:x define-slot="behind_the_label" /> </th> <td metal:define-macro="search_input"> <input tal:attributes="value python:request.form.getvalue(name) or nothing; name name; id name"> </td> <td metal:define-macro="search_date"> <input tal:attributes="value python:request.form.getvalue(name) or nothing; name name; id name"> <a class="classhelp" tal:attributes="href python:'''javascript:help_window('issue?@template=calendar&property=%s&form=itemSynopsis', 300, 200)'''%name">(cal)</a> </td> <td metal:define-macro="search_popup"> <!-- context needs to specify the popup "columns" as a comma-separated string (eg. "id,title" or "id,name,description") as well as name --> <input tal:attributes="value python:request.form.getvalue(name) or nothing; name name; id name"> <span tal:replace="structure python:db.issue.classhelp(columns, property=name)" /> </td> <td metal:define-macro="search_select"> <select tal:attributes="name name; id name" tal:define="value python:request.form.getvalue(name)"> <option value="" i18n:translate="">don't care</option> <metal:slot define-slot="extra_options" /> <option value="" i18n:translate="" disabled="disabled">------------</option> <option tal:repeat="s python:db[db_klass].list()" tal:attributes="value s/id; selected python:value == s.id" tal:content="python:s[db_content]"></option> </select> </td> <!-- like search_select, but translates the further values. Could extend it (METAL 1.1 attribute "extend-macro") --> <td metal:define-macro="search_select_translated"> <select tal:attributes="name name; id name" tal:define="value python:request.form.getvalue(name)"> <option value="" i18n:translate="">don't care</option> <metal:slot define-slot="extra_options" /> <option value="" i18n:translate="" disabled="disabled">------------</option> <option tal:repeat="s python:db[db_klass].list()" tal:attributes="value s/id; selected python:value == s.id" tal:content="python:s[db_content]" i18n:translate=""></option> </select> </td> <!-- currently, there is no convenient API to get a list of all roles --> <td metal:define-macro="search_select_roles" tal:define="onchange onchange | nothing"> <select name=roles id=roles tal:attributes="onchange onchange"> <option value="" i18n:translate="">don't care</option> <option value="" i18n:translate="" disabled="disabled">------------</option> <option value="User">User</option> <option value="Admin">Admin</option> <option value="Anonymous">Anonymous</option> </select> </td> <td metal:define-macro="search_multiselect"> <input tal:attributes="value python:request.form.getvalue(name) or nothing; name name; id name"> <span tal:replace="structure python:db[db_klass].classhelp(db_content, property=name, width='600')" /> </td> <td metal:define-macro="search_checkboxes"> <ul class="search-checkboxes" tal:define="value python:request.form.getvalue(name); values python:value and value.split(',') or []"> <li tal:repeat="s python:db[db_klass].list()"> <input type="checkbox" tal:attributes="name name; id string:$name-${s/id}; value s/id; checked python:s.id in values" /> <label tal:attributes="for string:$name-${s/id}" tal:content="python:s[db_content]" /> </li> <li metal:define-slot="no_value_item"> <input type="checkbox" value="-1" tal:attributes="name name; id string:$name--1; checked python:value == '-1'" /> <label tal:attributes="for string:$name--1" i18n:translate="">no value</label> </li> </ul> </td> <td metal:define-macro="column_input"> <input type="checkbox" name="@columns" tal:attributes="value name; checked python:name in cols"> </td> <td metal:define-macro="sort_input"> <input type="radio" name="@sort" tal:attributes="value name; checked python:name == sort_on"> </td> <td metal:define-macro="group_input"> <input type="radio" name="@group" tal:attributes="value name; checked python:name == group_on"> </td> <!-- The following macros are intended for user editing. The invoking context must define a "name" variable which names the property being searched; the "edit_ok" variable tells whether the current user is allowed to edit. See user.item.html in the classic template for examples. --> <script metal:define-macro="user_utils" type="text/javascript" src="@@file/user_utils.js"></script> <!-- src: value will be re-used for other input fields --> <input metal:define-macro="user_src_input" type="text" tal:attributes="onblur python:edit_ok and 'split_name(this)'; id name; name name; value value; readonly not:edit_ok" value="heinz.kunz"> <!-- normal: no re-using --> <input metal:define-macro="user_normal_input" type="text" tal:attributes="id name; name name; value value; readonly not:edit_ok" value="heinz"> <!-- password: type; no initial value --> <input metal:define-macro="user_pw_input" type="password" tal:attributes="id name; name name; readonly not:edit_ok" value=""> <input metal:define-macro="user_confirm_input" type="password" tal:attributes="id name; name string:@confirm@$name; readonly not:edit_ok" value="">