vtt/src/ttfrog/web.py

from flask import Response, g, redirect, render_template, request, session, url_for
from tinydb import where

from ttfrog import app, forms, schema


def relative_uri(path: str = ""):
    """
    The request's URI relative to the VIEW_URI without the leading '/'.
    """

    return (path or request.path).replace(app.config.VIEW_URI, "", 1).strip("/") or "/"


def get_parent(table: str, uri: str):
    try:
        parent_uri = uri.strip("/").rsplit("/", 1)[0]
    except IndexError:
        return None

    return get_page(parent_uri, table=table if "/" in parent_uri else "Page", create_okay=False)


def get_page(path: str, table: str = "Page", create_okay: bool = False):
    """
    Get one page, including its members, but not recursively.
    """
    uri = relative_uri(path)

    if table not in app.db.tables():
        app.web.logger.debug(f"Table {table} does not exist in {app.db.tables()}.")
        return None

    page = app.db.table(table).get(where("uri") == uri, recurse=False)

    if not page:
        app.web.logger.debug("Page does not exist.")
        if not create_okay:
            app.web.logger.debug("Page does not exist and creating is not okay.")
            return None
        parent = get_parent(table, uri)
        if not app.authorize(g.user, parent, schema.Permissions.WRITE):
            app.web.logger.debug(f"User {g.user} is not authorized to write {parent}")
            return None
        return getattr(schema, table)(name=uri.split("/")[-1], body="This page does not exist", parent=parent)

    if not app.authorize(g.user, page, schema.Permissions.READ):
        return None

    if hasattr(page, "members"):
        subpages = []
        for pointer in page.members:
            table, pkey, pval = pointer.split("::")
            subpages += app.db.table(table).search(where(pkey) == pval, recurse=False)
        page.members = subpages

    return page


def rendered(page: schema.Record, template: str = "page.html"):
    if not page:
        return Response("Page not found", status=404)

    return render_template(
        template,
        page=page,
        app=app,
        breadcrumbs=breadcrumbs(),
        root=g.root,
        user=g.user,
        g=g
    )


def breadcrumbs():
    """
    Return (uri, name) pairs for the parents leading from the VIEW_URI to the current request.
    """
    uri = ""
    for name in relative_uri().split("/"):
        uri = "/".join([uri, name])
        yield (uri, name)


@app.web.route(app.config.VIEW_URI)
def index():
    return rendered(get_page(app.config.VIEW_URI, create_okay=False))


@app.web.route("/login", methods=["GET", "POST"])
def login():
    app.web.session_interface.regenerate(session)
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
        user = app.authenticate(username, password)
        if user:
            g.user = user
            session["user_id"] = g.user.doc_id
            session["user"] = dict(g.user.serialize())
            return redirect(url_for("index"))
        g.messages.append(f"Invalid login for {username}")
    return rendered(schema.Page(name="Login", title="Please enter your login details"), "login.html")


@app.web.route("/logout")
def logout():
    if "user_id" in session:
        del session["user_id"]
    del g.user
    return redirect(url_for("index"))


@app.web.route(f"{app.config.VIEW_URI}/<path:table>/<path:path>", methods=["GET"])
@app.web.route(f"{app.config.VIEW_URI}/<path:path>", methods=["GET"], defaults={"table": "Page"})
def view(table, path):
    parent = get_parent(table, relative_uri())
    if table not in app.db.tables():
        table = parent.__class__.__name__ if parent else "Page"
    page = get_page(request.path, table=table, create_okay=(parent and parent.doc_id is not None))
    return rendered(page)


@app.web.route(f"{app.config.VIEW_URI}/<path:table>/<path:path>", methods=["POST"])
@app.web.route(f"{app.config.VIEW_URI}/<path:path>", methods=["POST"], defaults={"table": "Page"})
def edit(table, path):
    uri = relative_uri()
    parent = get_parent(table, uri)
    if not parent:
        return Response("You cannot create a page at this location.", status=403)

    # get or create the docoument at this uri
    page = get_page(uri, table=table, create_okay=True)
    if not app.authorize(g.user, page, schema.Permissions.WRITE):
        return Response("Permission denied.", status=403)
    save_data = getattr(forms, table)(page, request.form).prepare()

    # editing existing document
    if page.doc_id:
        if page.uid != request.form["uid"]:
            return Response("Invalid UID.", status=403)
        return rendered(app.db.save(save_data))

    # saving a new document
    return rendered(parent.add_member(save_data))


@app.web.before_request
def before_request():
    g.messages = []
    if not request.path.startswith('/static'):
        user_id = session.get("user_id", 1)
        g.user = app.db.User.get(doc_id=user_id)
        session["user_id"] = user_id
        session["user"] = dict(g.user.serialize())
        g.root = get_page(app.config.VIEW_URI)


@app.web.after_request
def add_header(r):
    r.headers["Cache-Control"] = "no-cache, no-store, must-revalidate, public, max-age=0"
    r.headers["Pragma"] = "no-cache"
    r.headers["Expires"] = "0"
    return r
Implement ACLs 2025-10-05 00:15:37 -07:00			`from flask import Response, g, redirect, render_template, request, session, url_for`
set up web routing and templates 2025-09-27 16:20:08 -07:00			`from tinydb import where`
WIP 2025-09-28 14:14:16 -07:00
Implement ACLs 2025-10-05 00:15:37 -07:00			`from ttfrog import app, forms, schema`
set up flask app 2025-09-21 22:11:56 -07:00
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00
			`def relative_uri(path: str = ""):`
			`"""`
			`The request's URI relative to the VIEW_URI without the leading '/'.`
			`"""`

			`return (path or request.path).replace(app.config.VIEW_URI, "", 1).strip("/") or "/"`


WIP 2025-10-04 01:26:09 -07:00			`def get_parent(table: str, uri: str):`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`try:`
only allow page creation if parent exists 2025-10-04 09:00:50 -07:00			`parent_uri = uri.strip("/").rsplit("/", 1)[0]`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`except IndexError:`
			`return None`

Implement ACLs 2025-10-05 00:15:37 -07:00			`return get_page(parent_uri, table=table if "/" in parent_uri else "Page", create_okay=False)`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00
WIP 2025-10-04 01:26:09 -07:00
web ui checkpoint 2025-10-12 15:36:38 -07:00			`def get_page(path: str, table: str = "Page", create_okay: bool = False):`
WIP 2025-09-28 14:14:16 -07:00			`"""`
WIP 2025-10-04 01:26:09 -07:00			`Get one page, including its members, but not recursively.`
WIP 2025-09-28 14:14:16 -07:00			`"""`
web ui checkpoint 2025-10-12 15:36:38 -07:00			`uri = relative_uri(path)`

WIP 2025-10-04 01:26:09 -07:00			`if table not in app.db.tables():`
ui wip 2025-10-18 11:23:03 -07:00			`app.web.logger.debug(f"Table {table} does not exist in {app.db.tables()}.")`
WIP 2025-10-04 01:26:09 -07:00			`return None`

Implement ACLs 2025-10-05 00:15:37 -07:00			`page = app.db.table(table).get(where("uri") == uri, recurse=False)`

			`if not page:`
ui wip 2025-10-18 11:23:03 -07:00			`app.web.logger.debug("Page does not exist.")`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`if not create_okay:`
ui wip 2025-10-18 11:23:03 -07:00			`app.web.logger.debug("Page does not exist and creating is not okay.")`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`return None`
Implement ACLs 2025-10-05 00:15:37 -07:00			`parent = get_parent(table, uri)`
ui wip 2025-10-18 11:23:03 -07:00			`if not app.authorize(g.user, parent, schema.Permissions.WRITE):`
			`app.web.logger.debug(f"User {g.user} is not authorized to write {parent}")`
Implement ACLs 2025-10-05 00:15:37 -07:00			`return None`
			`return getattr(schema, table)(name=uri.split("/")[-1], body="This page does not exist", parent=parent)`

WIP 2025-10-07 01:18:36 -07:00			`if not app.authorize(g.user, page, schema.Permissions.READ):`
Implement ACLs 2025-10-05 00:15:37 -07:00			`return None`

			`if hasattr(page, "members"):`
WIP 2025-10-04 01:26:09 -07:00			`subpages = []`
Implement ACLs 2025-10-05 00:15:37 -07:00			`for pointer in page.members:`
implement primary keys 2025-10-08 00:46:09 -07:00			`table, pkey, pval = pointer.split("::")`
			`subpages += app.db.table(table).search(where(pkey) == pval, recurse=False)`
WIP 2025-10-04 01:26:09 -07:00			`page.members = subpages`

			`return page`
set up flask app 2025-09-21 22:11:56 -07:00
set up web routing and templates 2025-09-27 16:20:08 -07:00
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`def rendered(page: schema.Record, template: str = "page.html"):`
			`if not page:`
			`return Response("Page not found", status=404)`

web ui checkpoint 2025-10-12 15:36:38 -07:00			`return render_template(`
			`template,`
			`page=page,`
			`app=app,`
			`breadcrumbs=breadcrumbs(),`
			`root=g.root,`
			`user=g.user,`
			`g=g`
			`)`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00

			`def breadcrumbs():`
			`"""`
WIP 2025-10-04 01:26:09 -07:00			`Return (uri, name) pairs for the parents leading from the VIEW_URI to the current request.`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`"""`
			`uri = ""`
WIP 2025-10-04 01:26:09 -07:00			`for name in relative_uri().split("/"):`
web ui checkpoint 2025-10-12 15:36:38 -07:00			`uri = "/".join([uri, name])`
WIP 2025-10-04 01:26:09 -07:00			`yield (uri, name)`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00

web ui checkpoint 2025-10-12 15:36:38 -07:00			`@app.web.route(app.config.VIEW_URI)`
set up web routing and templates 2025-09-27 16:20:08 -07:00			`def index():`
web ui checkpoint 2025-10-12 15:36:38 -07:00			`return rendered(get_page(app.config.VIEW_URI, create_okay=False))`
set up web routing and templates 2025-09-27 16:20:08 -07:00

Implement ACLs 2025-10-05 00:15:37 -07:00			`@app.web.route("/login", methods=["GET", "POST"])`
Adding sessions 2025-10-04 10:48:18 -07:00			`def login():`
			`app.web.session_interface.regenerate(session)`
Implement ACLs 2025-10-05 00:15:37 -07:00			`if request.method == "POST":`
			`username = request.form.get("username")`
			`password = request.form.get("password")`
WIP 2025-10-07 01:18:36 -07:00			`user = app.authenticate(username, password)`
			`if user:`
			`g.user = user`
			`session["user_id"] = g.user.doc_id`
			`session["user"] = dict(g.user.serialize())`
Implement ACLs 2025-10-05 00:15:37 -07:00			`return redirect(url_for("index"))`
			`g.messages.append(f"Invalid login for {username}")`
			`return rendered(schema.Page(name="Login", title="Please enter your login details"), "login.html")`
Adding sessions 2025-10-04 10:48:18 -07:00

			`@app.web.route("/logout")`
			`def logout():`
Implement ACLs 2025-10-05 00:15:37 -07:00			`if "user_id" in session:`
			`del session["user_id"]`
Adding sessions 2025-10-04 10:48:18 -07:00			`del g.user`
implement primary keys 2025-10-08 00:46:09 -07:00			`return redirect(url_for("index"))`
Adding sessions 2025-10-04 10:48:18 -07:00

WIP 2025-10-04 01:26:09 -07:00			`@app.web.route(f"{app.config.VIEW_URI}/<path:table>/<path:path>", methods=["GET"])`
Implement ACLs 2025-10-05 00:15:37 -07:00			`@app.web.route(f"{app.config.VIEW_URI}/<path:path>", methods=["GET"], defaults={"table": "Page"})`
WIP 2025-10-04 01:26:09 -07:00			`def view(table, path):`
only allow page creation if parent exists 2025-10-04 09:00:50 -07:00			`parent = get_parent(table, relative_uri())`
ui wip 2025-10-18 11:23:03 -07:00			`if table not in app.db.tables():`
			`table = parent.__class__.__name__ if parent else "Page"`
web ui checkpoint 2025-10-12 15:36:38 -07:00			`page = get_page(request.path, table=table, create_okay=(parent and parent.doc_id is not None))`
			`return rendered(page)`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00

WIP 2025-10-04 01:26:09 -07:00			`@app.web.route(f"{app.config.VIEW_URI}/<path:table>/<path:path>", methods=["POST"])`
Implement ACLs 2025-10-05 00:15:37 -07:00			`@app.web.route(f"{app.config.VIEW_URI}/<path:path>", methods=["POST"], defaults={"table": "Page"})`
WIP 2025-10-04 01:26:09 -07:00			`def edit(table, path):`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`uri = relative_uri()`
WIP 2025-10-04 01:26:09 -07:00			`parent = get_parent(table, uri)`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`if not parent:`
only allow page creation if parent exists 2025-10-04 09:00:50 -07:00			`return Response("You cannot create a page at this location.", status=403)`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00
WIP 2025-10-04 01:26:09 -07:00			`# get or create the docoument at this uri`
			`page = get_page(uri, table=table, create_okay=True)`
WIP 2025-10-07 01:18:36 -07:00			`if not app.authorize(g.user, page, schema.Permissions.WRITE):`
			`return Response("Permission denied.", status=403)`
WIP 2025-10-04 01:26:09 -07:00			`save_data = getattr(forms, table)(page, request.form).prepare()`

			`# editing existing document`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00			`if page.doc_id:`
			`if page.uid != request.form["uid"]:`
			`return Response("Invalid UID.", status=403)`
WIP 2025-10-04 01:26:09 -07:00			`return rendered(app.db.save(save_data))`
unique constraint uses equals not matches 2025-10-03 16:44:25 -07:00
WIP 2025-10-04 01:26:09 -07:00			`# saving a new document`
WIP 2025-10-07 01:18:36 -07:00			`return rendered(parent.add_member(save_data))`
WIP 2025-09-28 14:14:16 -07:00

Adding sessions 2025-10-04 10:48:18 -07:00			`@app.web.before_request`
			`def before_request():`
Implement ACLs 2025-10-05 00:15:37 -07:00			`g.messages = []`
working UI 2025-10-17 19:33:29 -07:00			`if not request.path.startswith('/static'):`
			`user_id = session.get("user_id", 1)`
			`g.user = app.db.User.get(doc_id=user_id)`
			`session["user_id"] = user_id`
			`session["user"] = dict(g.user.serialize())`
			`g.root = get_page(app.config.VIEW_URI)`
Adding sessions 2025-10-04 10:48:18 -07:00

WIP 2025-09-28 14:14:16 -07:00			`@app.web.after_request`
			`def add_header(r):`
			`r.headers["Cache-Control"] = "no-cache, no-store, must-revalidate, public, max-age=0"`
			`r.headers["Pragma"] = "no-cache"`
			`r.headers["Expires"] = "0"`
			`return r`