[FE-discuss] (no subject)

Hi again!

I hope this is the true list now :) Sorry, it was my fault...

> > How do you work with FormEncode + Webware? I think on a way and 
> > implement something,  I wrote a class to handle the form validation
> and 
> > the error processing:
> > 
> > # file: FormServlet.py
> > from validator import htmlfill
> > from validator.schema import Schema
> > from validator import validators
> > from validator.variabledecode import NestedVariables
> > 
> > class StandardSchema(Schema):
> >  name=validators.NotEmpty()
> >  age=validators.Int()
> > 
> > class FormServlet:
> >  schema=StandardSchema
> >  def processForm(self):
> >    rawFields=self.request().fields()
> >    dictFields=validators.to_python(NestedVariables, rawFields)
> >    if not rawFields: # this time the form was not submitted, is it
> true?
> >      pass
> >    else: # if the form was submitted
> >      # first I define the action to execute when the form will be
> processed
> >      for action in dictFields['action'].values():
> >        if action.has_key(None): # first I find the proper action
> button
> >          try:
> >            methodToInvoke=action['methodToInvoke'] # try to use
> it's 
> > method to invoke
> >          except KeyError: # and if none was specified
> >            methodToInvoke='processFormData' # use a standard method
> to 
> > invoke
> >          if action.has_key('suppressValidation'):
> >            getattr(self, methodToInvoke)(rawFields)
> >            return
> 
> There's a security concern here, you should check that the method is 
> marked public in some way.  In Webware there's the actions() list of 
> methods; I've also used attributes, or call all the methods
> action_name, 
> or something like that.

Yes, you are right but I have a question about this, is there a problem
on have a class attribute called actions rather than a method?

class MyServlet:
  actions=['some_actions', 'some_another_action']
  ...

Or it's only the author preference?

Let me explain each part of the unclean code:

> >      try: # I try to validate it
> >        processedFields=validators.to_python(self.schema,
> dict([(key, 
> > dictFields[key]) for key in self.schema.fields.keys()]))

First i try to validate the fields over the schema, using the keys of
schema specified. This way, a submit button or another fields that is
not part of the schema is not validated.

> >        getattr(self, methodToInvoke)(processedFields)
> >        return
> >      except validators.Invalid, error: # if an error occours
> >        parser=htmlfill.FillingParser(rawFields, 
> > errors=error.unpack_errors())
> >        parser.feed(self.response()._strmOut.buffer()) # I feed the 
> > parser with the page content
> >        self.response()._strmOut.clear() # clear the old page
> content
> >        self.write(parser.text()) # and write the parsed page
> content
> >        parser.close()
> This part isn't very clean (the _strmOut), but then you probably know
> that.

I looked the webware code searching where it writes the page content
out, I found the ASStreamOut class (WebKit/ASStreamOut), the class has
method to flush, clear, close, etc, and has the write method. The write
method is called on HTTPResponse's write method. It seems that the
HTTPResponse's write method write all the content to the _strmOut
attribute.

So I feed the parser with _strmOut.buffer() (this is the page content
before it is commited), then I call _strmOut.clear(), this method
remove all content write to the page until that point. So I can write
the proper content (the parsed content).
> >  def sleep(self, t):
> >    """This way FormServlet should be the first class on
> extension."""
> >    self.processForm()
> >    try:
> >      self.__class__.__bases__[1].sleep(self, t)
> >    except IndexError:
> >      raise Exception, 'the Servlet should be extended from two
> other, 
> > the FormServlet and a BaseServlet'
> 
> I think this is a bit too implicit and automatic, though maybe it
> will 
> work fine.  This automatic aspect was something I didn't like about 
> FunFormKit, I'd rather have processForm() get called explicitly.

I agree again, I was thinking on a way to get the two possibilities
working together, or the use calls processForm on a method, or the user
let to the FormServlet do the job.

The first one is better on time I can call it on the writeBody method
(writeContent maybe), and write a header with a sucess message or a
error message.

> FormEncode had some of this, in FormComponent 
>
(svn://colorstudy.com/trunk/FormEncode/experimental/FormEncodeKit/FormComponent);
> 
> it worked reasonably well.  It's built on Component (from 
> svn://w4py.org/Component) is a way of mixing together pieces of code 
> into one servlet, which is where some of the awkwardness is coming
> from.

Thank you for all the attention!

=====
--
Michel Thadeu Sabchuk
Curitiba/PR


	
	
		
_______________________________________________________ 
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora! http://br.acesso.yahoo.com/