View helpers¶
Coaster provides functions and decorators for common scenarios in view handlers.
-
exception
coaster.views.
RequestTypeError
(description=None, response=None)[source]¶ Exception that combines TypeError with BadRequest. Used by
requestargs()
.
-
exception
coaster.views.
RequestValueError
(description=None, response=None)[source]¶ Exception that combines ValueError with BadRequest. Used by
requestargs()
.
-
coaster.views.
get_current_url
()[source]¶ Return the current URL including the query string as a relative path. If the app uses subdomains, return an absolute path
-
coaster.views.
get_next_url
(referrer=False, external=False, session=False, default=[])[source]¶ Get the next URL to redirect to. Don’t return external URLs unless explicitly asked for. This is to protect the site from being an unwitting redirector to external URLs. Subdomains are okay, however.
This function looks for a
next
parameter in the request or in the session (depending on whether parametersession
is True). If nonext
is present, it checks the referrer (if enabled), and finally returns either the provided default (which can be any value includingNone
) orurl_for('index')
. If your app does not have a URL endpoint namedindex
,/
is returned.
-
coaster.views.
jsonp
(*args, **kw)[source]¶ Returns a JSON response with a callback wrapper, if asked for.
-
coaster.views.
load_model
(model, attributes=None, parameter=None, workflow=False, kwargs=False, permission=None, addlperms=None)[source]¶ Decorator to load a model given a query parameter.
Typical usage:
@app.route('/<profile>') @load_model(Profile, {'name': 'profile'}, 'profileob') def profile_view(profileob): # 'profileob' is now a Profile model instance. The load_model decorator replaced this: # profileob = Profile.query.filter_by(name=profile).first_or_404() return "Hello, %s" % profileob.name
Using the same name for request and parameter makes code easier to understand:
@app.route('/<profile>') @load_model(Profile, {'name': 'profile'}, 'profile') def profile_view(profile): return "Hello, %s" % profile.name
load_model
aborts with a 404 if no instance is found.load_model
also recognizes queries tourl_name
ofBaseIdNameMixin
instances and will automatically load the model. TODO: that should be handled by the model, not here.Parameters: - model – The SQLAlchemy model to query. Must contain a
query
object (which is the default with Flask-SQLAlchemy) - attributes – A dict of attributes (from the URL request) that will be used to query for the object. For each key:value pair, the key is the name of the column on the model and the value is the name of the request parameter that contains the data
- parameter – The name of the parameter to the decorated function via which the result is passed. Usually the same as the attribute. If the parameter name is prefixed with ‘g.’, the parameter is also made available as g.<parameter>
- workflow – If True, the method
workflow()
of the instance is called and the resulting workflow object is passed to the decorated function instead of the instance itself - kwargs – If True, the original request parameters are passed to the decorated
function as a
kwargs
parameter - permission – If present,
load_model
calls thepermissions()
method of the retrieved object withg.user
as a parameter. Ifpermission
is not present in the result,load_model
aborts with a 403.g
is the Flask request context object and you are expected to setup a request environment in whichg.user
is the currently logged in user. Flask-Lastuser does this automatically for you. The permission may be a string or a list of strings, in which case access is allowed if any of the listed permissions are available - addlperms – Iterable or callable that returns an iterable containing additional
permissions available to the user, apart from those granted by the models. In an app
that uses Lastuser for authentication, passing
lastuser.permissions
will pass through permissions granted via Lastuser
- model – The SQLAlchemy model to query. Must contain a
-
coaster.views.
load_models
(*chain, **kwargs)[source]¶ Decorator to load a chain of models from the given parameters. This works just like
load_model()
and accepts the same parameters, with some small differences.Parameters: - chain – The chain is a list of tuples of (
model
,attributes
,parameter
). Lists and tuples can be used interchangeably. All retrieved instances are passed as parameters to the decorated function - workflow – Like with
load_model()
,workflow()
is called on the last instance in the chain, and only the resulting workflow object is passed to the decorated function - permission – Same as in
load_model()
, exceptpermissions()
is called on every instance in the chain and the retrieved permissions are passed as the second parameter to the next instance in the chain. This allows later instances to revoke permissions granted by earlier instances. As an example, if a URL represents a hierarchy such as/<page>/<comment>
, thepage
can assignedit
anddelete
permissions, while thecomment
can revokeedit
and retaindelete
if the current user owns the page but not the comment
In the following example, load_models loads a Folder with a name matching the name in the URL, then loads a Page with a matching name and with the just-loaded Folder as parent. If the Page provides a ‘view’ permission to the current user (g.user), the decorated function is called:
@app.route('/<folder_name>/<page_name>') @load_models( (Folder, {'name': 'folder_name'}, 'folder'), (Page, {'name': 'page_name', 'parent': 'folder'}, 'page'), permission='view') def show_page(folder, page): return render_template('page.html', folder=folder, page=page)
- chain – The chain is a list of tuples of (
-
coaster.views.
render_with
(template, json=False, jsonp=False)[source]¶ Decorator to render the wrapped method with the given template (or dictionary of mimetype keys to templates, where the template is a string name of a template file or a callable that returns a Response). The method’s return value must be a dictionary and is passed to the template as parameters. Callable templates get a single parameter with the method’s return value. Usage:
@app.route('/myview') @render_with('myview.html') def myview(): return {'data': 'value'} @app.route('/myview_with_json') @render_with('myview.html', json=True) def myview_no_json(): return {'data': 'value'} @app.route('/otherview') @render_with({ 'text/html': 'otherview.html', 'text/xml': 'otherview.xml'}) def otherview(): return {'data': 'value'} @app.route('/404view') @render_with('myview.html') def myview(): return {'error': '404 Not Found'}, 404 @app.route('/headerview') @render_with('myview.html') def myview(): return {'data': 'value'}, 200, {'X-Header': 'Header value'}
When a mimetype is specified and the template is not a callable, the response is returned with the same mimetype. Callable templates must return Response objects to ensure the correct mimetype is set.
If a dictionary of templates is provided and does not include a handler for
*/*
, render_with will attempt to use the handler for (in order)text/html
,text/plain
and the various JSON types, falling back to rendering the value into a unicode string.If the method is called outside a request context, the wrapped method’s original return value is returned. This is meant to facilitate testing and should not be used to call the method from within another view handler as the presence of a request context will trigger template rendering.
Rendering may also be suspended by calling the view handler with
_render=False
.render_with provides JSON and JSONP handlers for the
application/json
,text/json
andtext/x-json
mimetypes ifjson
orjsonp
is True (default is False).Parameters: - template – Single template, or dictionary of MIME type to templates. If the template is a callable, it is called with the output of the wrapped function
- json – Helper to add a JSON handler (default is False)
- jsonp – Helper to add a JSONP handler (if True, also provides JSON, default is False)
-
coaster.views.
requestargs
(*vars)[source]¶ Decorator that loads parameters from request.values if not specified in the function’s keyword arguments. Usage:
@requestargs('param1', ('param2', int), 'param3[]', ...) def function(param1, param2=0, param3=None): ...
requestargs takes a list of parameters to pass to the wrapped function, with an optional filter (useful to convert incoming string request data into integers and other common types). If a required parameter is missing and your function does not specify a default value, Python will raise TypeError. requestargs recasts this as
RequestTypeError
, which returns HTTP 400 Bad Request.If the parameter name ends in
[]
, requestargs will attempt to read a list from the incoming data. Filters are applied to each member of the list, not to the whole list.If the filter raises a ValueError, this is recast as a
RequestValueError
, which also returns HTTP 400 Bad Request.Tests:
>>> from flask import Flask >>> app = Flask(__name__) >>> >>> @requestargs('p1', ('p2', int), ('p3[]', int)) ... def f(p1, p2=None, p3=None): ... return p1, p2, p3 ... >>> f(p1=1) (1, None, None) >>> f(p1=1, p2=2) (1, 2, None) >>> f(p1='a', p2='b') ('a', 'b', None) >>> with app.test_request_context('/?p2=2'): ... f(p1='1') ... ('1', 2, None) >>> with app.test_request_context('/?p3=1&p3=2'): ... f(p1='1', p2='2') ... ('1', '2', [1, 2])