diff options
Diffstat (limited to 'app/static/doc/flask-docs/tutorial/views.html')
| -rw-r--r-- | app/static/doc/flask-docs/tutorial/views.html | 206 |
1 files changed, 206 insertions, 0 deletions
diff --git a/app/static/doc/flask-docs/tutorial/views.html b/app/static/doc/flask-docs/tutorial/views.html new file mode 100644 index 0000000..feed988 --- /dev/null +++ b/app/static/doc/flask-docs/tutorial/views.html @@ -0,0 +1,206 @@ + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Step 5: The View Functions — Flask 0.8 documentation</title> + + <link rel="stylesheet" href="../_static/flasky.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '0.8', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="top" title="Flask 0.8 documentation" href="../index.html" /> + <link rel="up" title="Tutorial" href="index.html" /> + <link rel="next" title="Step 6: The Templates" href="templates.html" /> + <link rel="prev" title="Step 4: Request Database Connections" href="dbcon.html" /> + + + <link rel="apple-touch-icon" href="../_static/touch-icon.png" /> + + <link media="only screen and (max-device-width: 480px)" href="../_static/small_flask.css" type= "text/css" rel="stylesheet" /> + + </head> + <body> + <div class="related"> + <h3>Navigation</h3> + <ul> + <li class="right" style="margin-right: 10px"> + <a href="../genindex.html" title="General Index" + accesskey="I">index</a></li> + <li class="right" > + <a href="templates.html" title="Step 6: The Templates" + accesskey="N">next</a> |</li> + <li class="right" > + <a href="dbcon.html" title="Step 4: Request Database Connections" + accesskey="P">previous</a> |</li> + <li><a href="../index.html">Flask 0.8 documentation</a> »</li> + <li><a href="index.html" accesskey="U">Tutorial</a> »</li> + </ul> + </div> + + <div class="document"> + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="step-5-the-view-functions"> +<span id="tutorial-views"></span><h1>Step 5: The View Functions<a class="headerlink" href="#step-5-the-view-functions" title="Permalink to this headline">¶</a></h1> +<p>Now that the database connections are working we can start writing the +view functions. We will need four of them:</p> +<div class="section" id="show-entries"> +<h2>Show Entries<a class="headerlink" href="#show-entries" title="Permalink to this headline">¶</a></h2> +<p>This view shows all the entries stored in the database. It listens on the +root of the application and will select title and text from the database. +The one with the highest id (the newest entry) will be on top. The rows +returned from the cursor are tuples with the columns ordered like specified +in the select statement. This is good enough for small applications like +here, but you might want to convert them into a dict. If you are +interested in how to do that, check out the <a class="reference internal" href="../patterns/sqlite3.html#easy-querying"><em>Easy Querying</em></a> example.</p> +<p>The view function will pass the entries as dicts to the +<cite>show_entries.html</cite> template and return the rendered one:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> +<span class="k">def</span> <span class="nf">show_entries</span><span class="p">():</span> + <span class="n">cur</span> <span class="o">=</span> <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">'select title, text from entries order by id desc'</span><span class="p">)</span> + <span class="n">entries</span> <span class="o">=</span> <span class="p">[</span><span class="nb">dict</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">text</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">cur</span><span class="o">.</span><span class="n">fetchall</span><span class="p">()]</span> + <span class="k">return</span> <span class="n">render_template</span><span class="p">(</span><span class="s">'show_entries.html'</span><span class="p">,</span> <span class="n">entries</span><span class="o">=</span><span class="n">entries</span><span class="p">)</span> +</pre></div> +</div> +</div> +<div class="section" id="add-new-entry"> +<h2>Add New Entry<a class="headerlink" href="#add-new-entry" title="Permalink to this headline">¶</a></h2> +<p>This view lets the user add new entries if they are logged in. This only +responds to <cite>POST</cite> requests, the actual form is shown on the +<cite>show_entries</cite> page. If everything worked out well we will +<a class="reference internal" href="../api.html#flask.flash" title="flask.flash"><tt class="xref py py-func docutils literal"><span class="pre">flash()</span></tt></a> an information message to the next request and +redirect back to the <cite>show_entries</cite> page:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">'/add'</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s">'POST'</span><span class="p">])</span> +<span class="k">def</span> <span class="nf">add_entry</span><span class="p">():</span> + <span class="k">if</span> <span class="ow">not</span> <span class="n">session</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">'logged_in'</span><span class="p">):</span> + <span class="n">abort</span><span class="p">(</span><span class="mi">401</span><span class="p">)</span> + <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">'insert into entries (title, text) values (?, ?)'</span><span class="p">,</span> + <span class="p">[</span><span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">'title'</span><span class="p">],</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">'text'</span><span class="p">]])</span> + <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">commit</span><span class="p">()</span> + <span class="n">flash</span><span class="p">(</span><span class="s">'New entry was successfully posted'</span><span class="p">)</span> + <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">'show_entries'</span><span class="p">))</span> +</pre></div> +</div> +<p>Note that we check that the user is logged in here (the <cite>logged_in</cite> key is +present in the session and <cite>True</cite>).</p> +<div class="admonition-security-note admonition "> +<p class="first admonition-title">Security Note</p> +<p class="last">Be sure to use question marks when building SQL statements, as done in the +example above. Otherwise, your app will be vulnerable to SQL injection when +you use string formatting to build SQL statements. +See <a class="reference internal" href="../patterns/sqlite3.html#sqlite3"><em>Using SQLite 3 with Flask</em></a> for more.</p> +</div> +</div> +<div class="section" id="login-and-logout"> +<h2>Login and Logout<a class="headerlink" href="#login-and-logout" title="Permalink to this headline">¶</a></h2> +<p>These functions are used to sign the user in and out. Login checks the +username and password against the ones from the configuration and sets the +<cite>logged_in</cite> key in the session. If the user logged in successfully, that +key is set to <cite>True</cite>, and the user is redirected back to the <cite>show_entries</cite> +page. In addition, a message is flashed that informs the user that he or +she was logged in successfully. If an error occurred, the template is +notified about that, and the user is asked again:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">'/login'</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s">'GET'</span><span class="p">,</span> <span class="s">'POST'</span><span class="p">])</span> +<span class="k">def</span> <span class="nf">login</span><span class="p">():</span> + <span class="n">error</span> <span class="o">=</span> <span class="bp">None</span> + <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">method</span> <span class="o">==</span> <span class="s">'POST'</span><span class="p">:</span> + <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">'username'</span><span class="p">]</span> <span class="o">!=</span> <span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">'USERNAME'</span><span class="p">]:</span> + <span class="n">error</span> <span class="o">=</span> <span class="s">'Invalid username'</span> + <span class="k">elif</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">'password'</span><span class="p">]</span> <span class="o">!=</span> <span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">'PASSWORD'</span><span class="p">]:</span> + <span class="n">error</span> <span class="o">=</span> <span class="s">'Invalid password'</span> + <span class="k">else</span><span class="p">:</span> + <span class="n">session</span><span class="p">[</span><span class="s">'logged_in'</span><span class="p">]</span> <span class="o">=</span> <span class="bp">True</span> + <span class="n">flash</span><span class="p">(</span><span class="s">'You were logged in'</span><span class="p">)</span> + <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">'show_entries'</span><span class="p">))</span> + <span class="k">return</span> <span class="n">render_template</span><span class="p">(</span><span class="s">'login.html'</span><span class="p">,</span> <span class="n">error</span><span class="o">=</span><span class="n">error</span><span class="p">)</span> +</pre></div> +</div> +<p>The logout function, on the other hand, removes that key from the session +again. We use a neat trick here: if you use the <a class="reference external" href="http://docs.python.org/dev/library/stdtypes.html#dict.pop" title="(in Python v3.3)"><tt class="xref py py-meth docutils literal"><span class="pre">pop()</span></tt></a> method +of the dict and pass a second parameter to it (the default), the method +will delete the key from the dictionary if present or do nothing when that +key is not in there. This is helpful because now we don’t have to check +if the user was logged in.</p> +<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">'/logout'</span><span class="p">)</span> +<span class="k">def</span> <span class="nf">logout</span><span class="p">():</span> + <span class="n">session</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s">'logged_in'</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> + <span class="n">flash</span><span class="p">(</span><span class="s">'You were logged out'</span><span class="p">)</span> + <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">'show_entries'</span><span class="p">))</span> +</pre></div> +</div> +<p>Continue with <a class="reference internal" href="templates.html#tutorial-templates"><em>Step 6: The Templates</em></a>.</p> +</div> +</div> + + + </div> + </div> + </div> + <div class="sphinxsidebar"> + <div class="sphinxsidebarwrapper"><p class="logo"><a href="../index.html"> + <img class="logo" src="../_static/flask.png" alt="Logo"/> +</a></p> + <h3><a href="../index.html">Table Of Contents</a></h3> + <ul> +<li><a class="reference internal" href="#">Step 5: The View Functions</a><ul> +<li><a class="reference internal" href="#show-entries">Show Entries</a></li> +<li><a class="reference internal" href="#add-new-entry">Add New Entry</a></li> +<li><a class="reference internal" href="#login-and-logout">Login and Logout</a></li> +</ul> +</li> +</ul> +<h3>Related Topics</h3> +<ul> + <li><a href="../index.html">Documentation overview</a><ul> + <li><a href="index.html">Tutorial</a><ul> + <li>Previous: <a href="dbcon.html" title="previous chapter">Step 4: Request Database Connections</a></li> + <li>Next: <a href="templates.html" title="next chapter">Step 6: The Templates</a></li> + </ul></li> + </ul></li> +</ul> + <h3>This Page</h3> + <ul class="this-page-menu"> + <li><a href="../_sources/tutorial/views.txt" + rel="nofollow">Show Source</a></li> + </ul> +<div id="searchbox" style="display: none"> + <h3>Quick search</h3> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + <p class="searchtip" style="font-size: 90%"> + Enter search terms or a module, class or function name. + </p> +</div> +<script type="text/javascript">$('#searchbox').show(0);</script> + </div> + </div> + <div class="clearer"></div> + </div> + <div class="footer"> + © Copyright 2010, Armin Ronacher. + Created using <a href="http://sphinx.pocoo.org/">Sphinx</a>. + </div> + </body> +</html>
\ No newline at end of file |