# HG changeset patch # User Marcin Kuzminski # Date 2010-07-23 22:46:29 # Node ID ebdd1a89cdd9d4aa9b52921aa6d76c754d15b665 # Parent b0715a788432a65b4e0115a749ffad4a7eb755f7 Added extra validation in creating users. new style errors for users diff --git a/pylons_app/controllers/admin/repos.py b/pylons_app/controllers/admin/repos.py --- a/pylons_app/controllers/admin/repos.py +++ b/pylons_app/controllers/admin/repos.py @@ -63,7 +63,7 @@ class ReposController(BaseController): # url('repos') repo_model = RepoModel() _form = RepoForm()() - form_result = None + form_result = {} try: form_result = _form.to_python(dict(request.POST)) repo_model.create(form_result, c.hg_app_user) @@ -82,11 +82,8 @@ class ReposController(BaseController): except Exception: log.error(traceback.format_exc()) - if form_result: - msg = _('error occured during creation of repository %s') \ - % form_result['repo_name'] - else: - msg = _('error occured during creation of repository') + msg = _('error occured during creation of repository %s') \ + % form_result.get('repo_name') h.flash(msg, category='error') return redirect('repos') diff --git a/pylons_app/controllers/admin/users.py b/pylons_app/controllers/admin/users.py --- a/pylons_app/controllers/admin/users.py +++ b/pylons_app/controllers/admin/users.py @@ -2,7 +2,7 @@ # encoding: utf-8 # users controller for pylons # Copyright (C) 2009-2010 Marcin Kuzminski - +# # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; version 2 @@ -17,11 +17,6 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. -""" -Created on April 4, 2010 -users controller for pylons -@author: marcink -""" from formencode import htmlfill from pylons import request, session, tmpl_context as c, url from pylons.controllers.util import abort, redirect 
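Review bot: In the second repos.py hunk (`@@ -82,11 +82,8 @@`) the flash text now always interpolates `form_result.get('repo_name')`, so when `_form.to_python()` or `repo_model.create()` fails before `form_result` is populated the message reads "error occured during creation of repository None". The removed `if form_result:` branch avoided that; an explicit default restores it in one line: `% form_result.get('repo_name', '')`. The users.py update hunk (`@@ -102,14 +106,16 @@`) has the same pattern with `form_result.get('username')`. The enclosing method starts and ends outside the hunk.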
@@ -34,6 +29,12 @@ from pylons_app.model.forms import UserF from pylons_app.model.user_model import UserModel, DefaultUserException import formencode import logging +import traceback +""" +Created on April 4, 2010 +users controller for pylons +@author: marcink +""" log = logging.getLogger(__name__) @@ -70,13 +71,15 @@ class UsersController(BaseController): h.flash(_('created user %s') % form_result['username'], category='success') except formencode.Invalid as errors: - c.form_errors = errors.error_dict return htmlfill.render( - render('admin/users/user_add.html'), + render('admin/users/user_add.html'), defaults=errors.value, - encoding="UTF-8") + errors=errors.error_dict or {}, + prefix_error=False, + encoding="UTF-8") except Exception: - h.flash(_('error occured during creation of user') \ + log.error(traceback.format_exc()) + h.flash(_('error occured during creation of user %s') \ % request.POST.get('username'), category='error') return redirect(url('users')) @@ -94,7 +97,8 @@ class UsersController(BaseController): # method='put') # url('user', id=ID) user_model = UserModel() - _form = UserForm(edit=True)() + _form = UserForm(edit=True, old_data={'user_id':id})() + form_result = {} try: form_result = _form.to_python(dict(request.POST)) user_model.update(id, form_result) @@ -102,14 +106,16 @@ class UsersController(BaseController): except formencode.Invalid as errors: c.user = user_model.get_user(id) - c.form_errors = errors.error_dict return htmlfill.render( - render('admin/users/user_edit.html'), + render('admin/users/user_edit.html'), defaults=errors.value, - encoding="UTF-8") + errors=errors.error_dict or {}, + prefix_error=False, + encoding="UTF-8") except Exception: + log.error(traceback.format_exc()) h.flash(_('error occured during update of user %s') \ - % form_result['username'], category='error') + % form_result.get('username'), category='error') return redirect(url('users')) diff --git a/pylons_app/model/forms.py b/pylons_app/model/forms.py 
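Review bot: The triple-quoted block re-added after `import traceback` in the `@@ -34,6 +29,12 @@` hunk is no longer the module docstring, because a docstring must be the first statement of the file; placed after the imports it is an expression that is evaluated and discarded, and the module's `__doc__` becomes `None`. Keep it above the imports, or turn it into ordinary comments such as `# users controller for pylons (created April 4, 2010, author: marcink)`.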
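Review bot: In the create hunk (`@@ -70,13 +71,15 @@`) the error flash now really interpolates `request.POST.get('username')`, a raw request value that may not have passed `UserForm` validation on this path. Whether that is safe depends on how the layout renders flash messages, which is not visible here; confirm the template escapes them instead of emitting them as markup. `defaults=errors.value` presumably also carries the submitted password back into the re-rendered form, here and in the update hunk (`@@ -102,14 +106,16 @@`), so it is worth dropping the password keys from the defaults before calling `htmlfill.render`. The added `log.error(traceback.format_exc())` can be written as `log.exception('user creation failed')`, which records the traceback as well.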
--- a/pylons_app/model/forms.py +++ b/pylons_app/model/forms.py @@ -52,11 +52,26 @@ class ValidAuthToken(formencode.validato if value != authentication_token(): raise formencode.Invalid(self.message('invalid_token', state, search_number=value), value, state) -class ValidUsername(formencode.validators.FancyValidator): - - def validate_python(self, value, state): - if value in ['default', 'new_user']: - raise formencode.Invalid(_('Invalid username'), value, state) + +def ValidUsername(edit, old_data): + class _ValidUsername(formencode.validators.FancyValidator): + + def validate_python(self, value, state): + if value in ['default', 'new_user']: + raise formencode.Invalid(_('Invalid username'), value, state) + #check if user is uniq + sa = meta.Session + old_un = None + if edit: + old_un = sa.query(User).get(old_data.get('user_id')).username + + if old_un != value or not edit: + if sa.query(User).filter(User.username == value).scalar(): + raise formencode.Invalid(_('This username already exists') , + value, state) + meta.Session.remove() + + return _ValidUsername class ValidPassword(formencode.validators.FancyValidator): 
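Review bot: `meta.Session.remove()` at the end of `_ValidUsername.validate_python` runs only when validation succeeds, so both `raise formencode.Invalid` paths skip the session cleanup. In edit mode `sa.query(User).get(...)` returns `None` for an unknown or missing `user_id`, and the following `.username` then fails with `AttributeError` rather than a validation error. A `try`/`finally` around the queries plus an explicit `None` check covers both, as sketched below. The uniqueness query is also check-then-insert: two concurrent requests can both pass it, so it should be backed by a unique constraint on the username column if the model (not visible here) lacks one.

```python
        def validate_python(self, value, state):
            # … unchanged: reserved-name check for 'default' / 'new_user' …
            sa = meta.Session
            try:
                old_un = None
                if edit:
                    user = sa.query(User).get(old_data.get('user_id'))
                    if user is None:
                        raise formencode.Invalid(_('Invalid user'), value, state)
                    old_un = user.username

                if old_un != value or not edit:
                    if sa.query(User).filter(User.username == value).scalar():
                        raise formencode.Invalid(
                            _('This username already exists'), value, state)
            finally:
                # runs on the Invalid paths too
                sa.remove()
```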
@@ -233,16 +248,16 @@ class LoginForm(formencode.Schema): #chained validators have access to all data chained_validators = [ValidAuth] -def UserForm(edit=False): +def UserForm(edit=False, old_data={}): class _UserForm(formencode.Schema): allow_extra_fields = True filter_extra_fields = True - username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername) + username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername(edit, old_data)) if edit: new_password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword) admin = StringBoolean(if_missing=False) else: - password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword) + password = All(UnicodeString(strip=True, min=8, not_empty=True), ValidPassword) active = StringBoolean(if_missing=False) name = UnicodeString(strip=True, min=3, not_empty=True) lastname = UnicodeString(strip=True, min=3, not_empty=True)
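Review bot: The create branch now requires `min=8, not_empty=True` for `password`, but the edit branch still validates `new_password` with `min=3`, so a password set through the edit form can still be three characters long. Aligning the minimum keeps the policy consistent while still allowing the field to be left empty: `new_password = All(UnicodeString(strip=True, min=8, not_empty=False), ValidPassword)`. Separately, `old_data={}` is a mutable default argument; the visible code only reads it, but `old_data=None` with a fallback to `{}` inside `UserForm` avoids sharing one dict across calls. `_UserForm`'s body continues past the end of the hunk.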