View helpers

Coaster provides functions and decorators for common scenarios in view handlers.

exception coaster.views.RequestTypeError(description=None, response=None)

Exception that combines TypeError with BadRequest. Used by requestargs().

exception coaster.views.RequestValueError(description=None, response=None)

Exception that combines ValueError with BadRequest. Used by requestargs().

coaster.views.get_current_url()

Return the current URL including the query string as a relative path. If the app uses subdomains, return an absolute path

coaster.views.get_next_url(referrer=False, external=False, session=False, default=[])

Get the next URL to redirect to. Don’t return external URLs unless explicitly asked for. This is to protect the site from being an unwitting redirector to external URLs. Subdomains are okay, however.

This function looks for a next parameter in the request or in the session (depending on whether parameter session is True). If no next is present, it checks the referrer (if enabled), and finally returns either the provided default (which can be any value including None) or url_for('index'). If your app does not have a URL endpoint named index, / is returned.

coaster.views.jsonp(*args, **kw)

Returns a JSON response with a callback wrapper, if asked for.

coaster.views.load_model(model, attributes=None, parameter=None, workflow=False, kwargs=False, permission=None, addlperms=None)

Decorator to load a model given a query parameter.

Typical usage:

@app.route('/<profile>')
@load_model(Profile, {'name': 'profile'}, 'profileob')
def profile_view(profileob):
    # 'profileob' is now a Profile model instance. The load_model decorator replaced this:
    # profileob = Profile.query.filter_by(name=profile).first_or_404()
    return "Hello, %s" % profileob.name

Using the same name for request and parameter makes code easier to understand:

@app.route('/<profile>')
@load_model(Profile, {'name': 'profile'}, 'profile')
def profile_view(profile):
    return "Hello, %s" % profile.name

load_model aborts with a 404 if no instance is found. load_model also recognizes queries to url_name of BaseIdNameMixin instances and will automatically load the model. TODO: that should be handled by the model, not here.

Parameters:
  • model – The SQLAlchemy model to query. Must contain a query object (which is the default with Flask-SQLAlchemy)
  • attributes – A dict of attributes (from the URL request) that will be used to query for the object. For each key:value pair, the key is the name of the column on the model and the value is the name of the request parameter that contains the data
  • parameter – The name of the parameter to the decorated function via which the result is passed. Usually the same as the attribute. If the parameter name is prefixed with ‘g.’, the parameter is also made available as g.<parameter>
  • workflow – If True, the method workflow() of the instance is called and the resulting workflow object is passed to the decorated function instead of the instance itself
  • kwargs – If True, the original request parameters are passed to the decorated function as a kwargs parameter
  • permission – If present, load_model calls the permissions() method of the retrieved object with g.user as a parameter. If permission is not present in the result, load_model aborts with a 403. g is the Flask request context object and you are expected to setup a request environment in which g.user is the currently logged in user. Flask-Lastuser does this automatically for you. The permission may be a string or a list of strings, in which case access is allowed if any of the listed permissions are available
  • addlperms – Iterable or callable that returns an iterable containing additional permissions available to the user, apart from those granted by the models. In an app that uses Lastuser for authentication, passing lastuser.permissions will pass through permissions granted via Lastuser
coaster.views.load_models(*chain, **kwargs)

Decorator to load a chain of models from the given parameters. This works just like load_model() and accepts the same parameters, with some small differences.

Parameters:
  • chain – The chain is a list of tuples of (model, attributes, parameter). Lists and tuples can be used interchangeably. All retrieved instances are passed as parameters to the decorated function
  • workflow – Like with load_model(), workflow() is called on the last instance in the chain, and only the resulting workflow object is passed to the decorated function
  • permission – Same as in load_model(), except permissions() is called on every instance in the chain and the retrieved permissions are passed as the second parameter to the next instance in the chain. This allows later instances to revoke permissions granted by earlier instances. As an example, if a URL represents a hierarchy such as /<page>/<comment>, the page can assign edit and delete permissions, while the comment can revoke edit and retain delete if the current user owns the page but not the comment

In the following example, load_models loads a Folder with a name matching the name in the URL, then loads a Page with a matching name and with the just-loaded Folder as parent. If the Page provides a ‘view’ permission to the current user (g.user), the decorated function is called:

@app.route('/<folder_name>/<page_name>')
@load_models(
    (Folder, {'name': 'folder_name'}, 'folder'),
    (Page, {'name': 'page_name', 'parent': 'folder'}, 'page'),
    permission='view')
def show_page(folder, page):
    return render_template('page.html', folder=folder, page=page)
coaster.views.render_with(template, json=False)

Decorator to render the wrapped method with the given template (or dictionary of mimetype keys to templates, where the template is a string name of a template file or a callable that returns a Response). The method’s return value must be a dictionary and is passed to the template as parameters. Callable templates get a single parameter with the method’s return value. Usage:

@app.route('/myview')
@render_with('myview.html')
def myview():
    return {'data': 'value'}

@app.route('/myview_with_json')
@render_with('myview.html', json=True)
def myview_no_json():
    return {'data': 'value'}

@app.route('/otherview')
@render_with({
    'text/html': 'otherview.html',
    'text/xml': 'otherview.xml'})
def otherview():
    return {'data': 'value'}

@app.route('/404view')
@render_with('myview.html')
def myview():
    return {'error': '404 Not Found'}, 404

@app.route('/headerview')
@render_with('myview.html')
def myview():
    return {'data': 'value'}, 200, {'X-Header': 'Header value'}

When a mimetype is specified and the template is not a callable, the response is returned with the same mimetype. Callable templates must return Response objects to ensure the correct mimetype is set.

If a dictionary of templates is provided and does not include a handler for */*, render_with will attempt to use the handler for (in order) text/html, text/plain and the various JSON types, falling back to rendering the value into a unicode string.

If the method is called outside a request context, the wrapped method’s original return value is returned. This is meant to facilitate testing and should not be used to call the method from within another view handler as the presence of a request context will trigger template rendering.

Rendering may also be suspended by calling the view handler with _render=False.

render_with provides a JSONP handler for the application/json, text/json and text/x-json mimetypes if :param:`json` is True (default is False).

coaster.views.requestargs(*vars)

Decorator that loads parameters from request.values if not specified in the function’s keyword arguments. Usage:

@requestargs('param1', ('param2', int), 'param3[]', ...)
def function(param1, param2=0, param3=None):
    ...

requestargs takes a list of parameters to pass to the wrapped function, with an optional filter (useful to convert incoming string request data into integers and other common types). If a required parameter is missing and your function does not specify a default value, Python will raise TypeError. requestargs recasts this as RequestTypeError, which returns HTTP 400 Bad Request.

If the parameter name ends in [], requestargs will attempt to read a list from the incoming data. Filters are applied to each member of the list, not to the whole list.

If the filter raises a ValueError, this is recast as a RequestValueError, which also returns HTTP 400 Bad Request.

Tests:

>>> from flask import Flask
>>> app = Flask(__name__)
>>>
>>> @requestargs('p1', ('p2', int), ('p3[]', int))
... def f(p1, p2=None, p3=None):
...     return p1, p2, p3
...
>>> f(p1=1)
(1, None, None)
>>> f(p1=1, p2=2)
(1, 2, None)
>>> f(p1='a', p2='b')
('a', 'b', None)
>>> with app.test_request_context('/?p2=2'):
...     f(p1='1')
...
('1', 2, None)
>>> with app.test_request_context('/?p3=1&p3=2'):
...     f(p1='1', p2='2')
...
('1', '2', [1, 2])