1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
==========
Design
==========
Following is a quick overview of our wiki application, to help
us understand the changes that we will be doing next in our
default files generated by the ``zodb`` scaffold.
Overall
-------
We choose to use ``reStructuredText`` markup in the wiki text.
Translation from reStructuredText to HTML is provided by the
widely used ``docutils`` Python module. We will add this module
in the dependency list on the project ``setup.py`` file.
Models
------
The root resource, named *Wiki*, will be a mapping of wiki page
names to page resources. The page resources will be instances
of a *Page* class and they store the text content.
URLs like ``/PageName`` will be traversed using Wiki[
*PageName* ] => page, and the context that results is the page
resource of an existing page.
To add a page to the wiki, a new instance of the page resource
is created and its name and reference are added to the Wiki
mapping.
A page named *FrontPage* containing the text *This is the front
page*, will be created when the storage is initialized, and will
be used as the wiki home page.
Views
-----
There will be three views to handle the normal operations of adding,
editing, and viewing wiki pages, plus one view for the wiki front page.
Two templates will be used, one for viewing, and one for both adding
and editing wiki pages.
The default templating systems in :app:`Pyramid` are
:term:`Chameleon` and :term:`Mako`. Chameleon is a variant of
:term:`ZPT`, which is an XML-based templating language. Mako is a
non-XML-based templating language. Because we had to pick one,
we chose Chameleon for this tutorial.
Security
--------
We'll eventually be adding security to our application. The components we'll
use to do this are below.
- USERS, a dictionary mapping :term:`userids <userid>` to their
corresponding passwords.
- GROUPS, a dictionary mapping :term:`userids <userid>` to a
list of groups to which they belong to.
- ``groupfinder``, an *authorization callback* that looks up
USERS and GROUPS. It will be provided in a new
*security.py* file.
- An :term:`ACL` is attached to the root :term:`resource`. Each
row below details an :term:`ACE`:
+----------+----------------+----------------+
| Action | Principal | Permission |
+==========+================+================+
| Allow | Everyone | View |
+----------+----------------+----------------+
| Allow | group:editors | Edit |
+----------+----------------+----------------+
- Permission declarations are added to the views to assert the security
policies as each request is handled.
Two additional views and one template will handle the login and
logout tasks.
Summary
-------
The URL, context, actions, template and permission associated to each view are
listed in the following table:
+----------------------+-------------+-----------------+-----------------------+------------+------------+
| URL | View | Context | Action | Template | Permission |
| | | | | | |
+======================+=============+=================+=======================+============+============+
| / | view_wiki | Wiki | Redirect to | | |
| | | | /FrontPage | | |
+----------------------+-------------+-----------------+-----------------------+------------+------------+
| /PageName | view_page | Page | Display existing | view.pt | view |
| | [1]_ | | page [2]_ | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+-------------+-----------------+-----------------------+------------+------------+
| /PageName/edit_page | edit_page | Page | Display edit form | edit.pt | edit |
| | | | with existing | | |
| | | | content. | | |
| | | | | | |
| | | | If the form was | | |
| | | | submitted, redirect | | |
| | | | to /PageName | | |
+----------------------+-------------+-----------------+-----------------------+------------+------------+
| /add_page/PageName | add_page | Wiki | Create the page | edit.pt | edit |
| | | | *PageName* in | | |
| | | | storage, display | | |
| | | | the edit form | | |
| | | | without content. | | |
| | | | | | |
| | | | If the form was | | |
| | | | submitted, | | |
| | | | redirect to | | |
| | | | /PageName | | |
+----------------------+-------------+-----------------+-----------------------+------------+------------+
| /login | login | Wiki, | Display login form. | login.pt | |
| | | Forbidden [3]_ | | | |
| | | | If the form was | | |
| | | | submitted, | | |
| | | | authenticate. | | |
| | | | | | |
| | | | - If authentication | | |
| | | | successful, | | |
| | | | redirect to the | | |
| | | | page that we | | |
| | | | came from. | | |
| | | | | | |
| | | | - If authentication | | |
| | | | fails, display | | |
| | | | login form with | | |
| | | | "login failed" | | |
| | | | message. | | |
| | | | | | |
+----------------------+-------------+-----------------+-----------------------+------------+------------+
| /logout | logout | Wiki | Redirect to | | |
| | | | /FrontPage | | |
+----------------------+-------------+-----------------+-----------------------+------------+------------+
.. [1] This is the default view for a Page context
when there is no view name.
.. [2] Pyramid will return a default 404 Not Found page
if the page *PageName* does not exist yet.
.. [3] pyramid.exceptions.Forbidden is reached when a
user tries to invoke a view that is
not authorized by the authorization policy.
|
