splinext/users/controllers/users.py

   1 import logging
   2 import unicodedata
   3
   4 from wtforms import Form, ValidationError, fields, validators, widgets
   5
   6 from pylons import config, request, response, session, tmpl_context as c, url
   7 from pylons.controllers.util import abort, redirect_to
   8 from routes import request_config
   9 from sqlalchemy.orm.exc import NoResultFound
  10
  11 from spline.model import meta
  12 from spline.lib import helpers as h
  13 from spline.lib.base import BaseController, render
  14 from splinext.users import model as users_model
  15
  16 log = logging.getLogger(__name__)
  17
  18
  19 class ProfileEditForm(Form):
  20     name = fields.TextField(u'Display name', [validators.Required()])
  21
  22     def validate_name(form, field):
  23         if not 1 < len(field.data) <= 20:
  24             raise ValidationError("Name can't be longer than 20 characters")
  25
  26         any_real_characters = False
  27         for char in field.data:
  28             cat = unicodedata.category(char)
  29
  30             # Non-spacing marks and spaces don't count as letters
  31             if cat not in ('Mn', 'Zs'):
  32                 any_real_characters = True
  33
  34             # Disallow control characters, format characters, non-assigned,
  35             # private use, surrogates, spacing-combining marks (for Arabic,
  36             # etc), enclosing marks (millions sign), line-spacing,
  37             # paragraph-spacing.
  38             # This also, thankfully, includes the RTL characters.
  39             if cat in ('Cc', 'Cf', 'Cn', 'Co', 'Cs', 'Mc', 'Me', 'Zl', 'Zp'):
  40                 raise ValidationError("Please don't play stupid Unicode tricks")
  41
  42 class UsersController(BaseController):
  43
  44     def list(self):
  45         c.users = meta.Session.query(users_model.User) \
  46             .order_by(users_model.User.id.asc())
  47         return render('/users/list.mako')
  48
  49     def profile(self, id, name=None):
  50         """Main user profile.
  51
  52         URL is /users/id:name, where 'name' only exists for readability and is
  53         entirely optional and ignored.
  54         """
  55
  56         c.page_user = meta.Session.query(users_model.User).get(id)
  57         if not c.page_user:
  58             abort(404)
  59
  60         return render('/users/profile.mako')
  61
  62     def profile_edit(self, id, name=None):
  63         """Main user profile editing."""
  64         c.page_user = meta.Session.query(users_model.User).get(id)
  65         if not c.page_user:
  66             abort(404)
  67
  68         # XXX could use some real permissions
  69         if c.page_user != c.user:
  70             abort(403)
  71
  72         c.form = ProfileEditForm(request.params,
  73             name=c.page_user.name,
  74         )
  75
  76         if request.method != 'POST' or not c.form.validate():
  77             return render('/users/profile_edit.mako')
  78
  79
  80         c.page_user.name = c.form.name.data
  81
  82         meta.Session.add(c.page_user)
  83         meta.Session.commit()
  84
  85         h.flash('Saved your profile.', icon='tick')
  86
  87         redirect_to(controller='users', action='profile',
  88                     id=c.page_user.id, name=c.page_user.name,
  89                     _code=303)