X-Git-Url: http://git.veekun.com/zzz-spline-users.git/blobdiff_plain/3036be98ef57c54a3c06ac55d9b96432cfeaad90..ef84ec8cca82b01bdec296d7c02001b7b212ff5f:/spline/plugins/users/controllers/users.py diff --git a/spline/plugins/users/controllers/users.py b/spline/plugins/users/controllers/users.py index d64d39f..6cb36d5 100644 --- a/spline/plugins/users/controllers/users.py +++ b/spline/plugins/users/controllers/users.py @@ -1,4 +1,7 @@ import logging +import unicodedata + +from wtforms import Form, ValidationError, fields, validators, widgets from pylons import config, request, response, session, tmpl_context as c, url from pylons.controllers.util import abort, redirect_to @@ -12,6 +15,30 @@ from spline.lib.base import BaseController, render log = logging.getLogger(__name__) + +class ProfileEditForm(Form): + name = fields.TextField(u'Display name', [validators.Required()]) + + def validate_name(form, field): + if not 1 < len(field.data) <= 20: + raise ValidationError("Name can't be longer than 20 characters") + + any_real_characters = False + for char in field.data: + cat = unicodedata.category(char) + + # Non-spacing marks and spaces don't count as letters + if cat not in ('Mn', 'Zs'): + any_real_characters = True + + # Disallow control characters, format characters, non-assigned, + # private use, surrogates, spacing-combining marks (for Arabic, + # etc), enclosing marks (millions sign), line-spacing, + # paragraph-spacing. + # This also, thankfully, includes the RTL characters. + if cat in ('Cc', 'Cf', 'Cn', 'Co', 'Cs', 'Mc', 'Me', 'Zl', 'Zp'): + raise ValidationError("Please don't play stupid Unicode tricks") + class UsersController(BaseController): def index(self): @@ -20,8 +47,8 @@ class UsersController(BaseController): # or, Return a response return 'stub' - def view(self, id, name=None): - """User page. + def profile(self, id, name=None): + """Main user profile. URL is /users/id:name, where 'name' only exists for readability and is entirely optional and ignored. @@ -31,4 +58,33 @@ class UsersController(BaseController): if not c.page_user: abort(404) - return render('/users/view.mako') + return render('/users/profile.mako') + + def profile_edit(self, id, name=None): + """Main user profile editing.""" + c.page_user = meta.Session.query(model.User).get(id) + if not c.page_user: + abort(404) + + # XXX could use some real permissions + if c.page_user != c.user: + abort(403) + + c.form = ProfileEditForm(request.params, + name=c.page_user.name, + ) + + if request.method != 'POST' or not c.form.validate(): + return render('/users/profile_edit.mako') + + + c.page_user.name = c.form.name.data + + meta.Session.add(c.page_user) + meta.Session.commit() + + h.flash('Saved your profile.', icon='tick') + + redirect_to(controller='users', action='profile', + id=c.page_user.id, name=c.page_user.name.lower(), + _code=303)