- •Front Matter
- •Copyright, Trademarks, and Attributions
- •Attributions
- •Print Production
- •Contacting The Publisher
- •HTML Version and Source Code
- •Typographical Conventions
- •Author Introduction
- •Audience
- •Book Content
- •The Genesis of repoze.bfg
- •The Genesis of Pyramid
- •Thanks
- •Pyramid Introduction
- •What Makes Pyramid Unique
- •URL generation
- •Debug Toolbar
- •Debugging settings
- •Class-based and function-based views
- •Extensible templating
- •Rendered views can return dictionaries
- •Event system
- •Built-in internationalization
- •HTTP caching
- •Sessions
- •Speed
- •Exception views
- •No singletons
- •View predicates and many views per route
- •Transaction management
- •Flexible authentication and authorization
- •Traversal
- •Tweens
- •View response adapters
- •Testing
- •Support
- •Documentation
- •What Is The Pylons Project?
- •Pyramid and Other Web Frameworks
- •Installing Pyramid
- •Before You Install
- •Installing Pyramid on a UNIX System
- •Installing the virtualenv Package
- •Creating the Virtual Python Environment
- •Installing Pyramid Into the Virtual Python Environment
- •Installing Pyramid on a Windows System
- •What Gets Installed
- •Application Configuration
- •Summary
- •Creating Your First Pyramid Application
- •Hello World
- •Imports
- •View Callable Declarations
- •WSGI Application Creation
- •WSGI Application Serving
- •Conclusion
- •References
- •Creating a Pyramid Project
- •Scaffolds Included with Pyramid
- •Creating the Project
- •Installing your Newly Created Project for Development
- •Running The Tests For Your Application
- •Running The Project Application
- •Reloading Code
- •Viewing the Application
- •The Debug Toolbar
- •The Project Structure
- •The MyProject Project
- •development.ini
- •production.ini
- •MANIFEST.in
- •setup.py
- •setup.cfg
- •The myproject Package
- •__init__.py
- •views.py
- •static
- •templates/mytemplate.pt
- •tests.py
- •Modifying Package Structure
- •Using the Interactive Shell
- •What Is This pserve Thing
- •Using an Alternate WSGI Server
- •Startup
- •The Startup Process
- •Deployment Settings
- •Request Processing
- •URL Dispatch
- •High-Level Operational Overview
- •Route Pattern Syntax
- •Route Declaration Ordering
- •Route Matching
- •The Matchdict
- •The Matched Route
- •Routing Examples
- •Example 1
- •Example 2
- •Example 3
- •Matching the Root URL
- •Generating Route URLs
- •Static Routes
- •Debugging Route Matching
- •Using a Route Prefix to Compose Applications
- •Custom Route Predicates
- •Route Factories
- •Using Pyramid Security With URL Dispatch
- •Route View Callable Registration and Lookup Details
- •References
- •Views
- •View Callables
- •View Callable Responses
- •Using Special Exceptions In View Callables
- •HTTP Exceptions
- •How Pyramid Uses HTTP Exceptions
- •Custom Exception Views
- •Using a View Callable to Do an HTTP Redirect
- •Handling Form Submissions in View Callables (Unicode and Character Set Issues)
- •Alternate View Callable Argument/Calling Conventions
- •Renderers
- •Writing View Callables Which Use a Renderer
- •Built-In Renderers
- •string: String Renderer
- •json: JSON Renderer
- •JSONP Renderer
- •*.pt or *.txt: Chameleon Template Renderers
- •*.mak or *.mako: Mako Template Renderer
- •Varying Attributes of Rendered Responses
- •Deprecated Mechanism to Vary Attributes of Rendered Responses
- •Adding and Changing Renderers
- •Adding a New Renderer
- •Changing an Existing Renderer
- •Overriding A Renderer At Runtime
- •Templates
- •Using Templates Directly
- •System Values Used During Rendering
- •Chameleon ZPT Templates
- •A Sample ZPT Template
- •Using ZPT Macros in Pyramid
- •Templating with Chameleon Text Templates
- •Side Effects of Rendering a Chameleon Template
- •Debugging Templates
- •Chameleon Template Internationalization
- •Templating With Mako Templates
- •A Sample Mako Template
- •Automatically Reloading Templates
- •Available Add-On Template System Bindings
- •View Configuration
- •Mapping a Resource or URL Pattern to a View Callable
- •@view_defaults Class Decorator
- •NotFound Errors
- •Debugging View Configuration
- •Static Assets
- •Serving Static Assets
- •Generating Static Asset URLs
- •Advanced: Serving Static Assets Using a View Callable
- •Root-Relative Custom Static View (URL Dispatch Only)
- •Overriding Assets
- •The override_asset API
- •Request and Response Objects
- •Request
- •Special Attributes Added to the Request by Pyramid
- •URLs
- •Methods
- •Unicode
- •Multidict
- •Dealing With A JSON-Encoded Request Body
- •Cleaning Up After a Request
- •More Details
- •Response
- •Headers
- •Instantiating the Response
- •Exception Responses
- •More Details
- •Sessions
- •Using The Default Session Factory
- •Using a Session Object
- •Using Alternate Session Factories
- •Creating Your Own Session Factory
- •Flash Messages
- •Using the session.flash Method
- •Using the session.pop_flash Method
- •Using the session.peek_flash Method
- •Preventing Cross-Site Request Forgery Attacks
- •Using the session.get_csrf_token Method
- •Using the session.new_csrf_token Method
- •Using Events
- •An Example
- •Reloading Templates
- •Reloading Assets
- •Debugging Authorization
- •Debugging Not Found Errors
- •Debugging Route Matching
- •Preventing HTTP Caching
- •Debugging All
- •Reloading All
- •Default Locale Name
- •Including Packages
- •pyramid.includes vs. pyramid.config.Configurator.include()
- •Mako Template Render Settings
- •Mako Directories
- •Mako Module Directory
- •Mako Input Encoding
- •Mako Error Handler
- •Mako Default Filters
- •Mako Import
- •Mako Preprocessor
- •Examples
- •Understanding the Distinction Between reload_templates and reload_assets
- •Adding A Custom Setting
- •Logging
- •Sending Logging Messages
- •Filtering log messages
- •Logging Exceptions
- •PasteDeploy Configuration Files
- •PasteDeploy
- •Entry Points and PasteDeploy .ini Files
- •[DEFAULTS] Section of a PasteDeploy .ini File
- •Command-Line Pyramid
- •Displaying Matching Views for a Given URL
- •The Interactive Shell
- •Extending the Shell
- •IPython or bpython
- •Displaying All Application Routes
- •Invoking a Request
- •Writing a Script
- •Changing the Request
- •Cleanup
- •Setting Up Logging
- •Making Your Script into a Console Script
- •Internationalization and Localization
- •Creating a Translation String
- •Using The TranslationString Class
- •Using the TranslationStringFactory Class
- •Working With gettext Translation Files
- •Installing Babel and Lingua
- •Extracting Messages from Code and Templates
- •Initializing a Message Catalog File
- •Updating a Catalog File
- •Compiling a Message Catalog File
- •Using a Localizer
- •Performing a Translation
- •Performing a Pluralization
- •Obtaining the Locale Name for a Request
- •Performing Date Formatting and Currency Formatting
- •Chameleon Template Support for Translation Strings
- •Mako Pyramid I18N Support
- •Localization-Related Deployment Settings
- •Activating Translation
- •Adding a Translation Directory
- •Setting the Locale
- •Locale Negotiators
- •The Default Locale Negotiator
- •Using a Custom Locale Negotiator
- •Virtual Hosting
- •Virtual Root Support
- •Further Documentation and Examples
- •Test Set Up and Tear Down
- •What?
- •Using the Configurator and pyramid.testing APIs in Unit Tests
- •Creating Integration Tests
- •Creating Functional Tests
- •Resources
- •Location-Aware Resources
- •Generating The URL Of A Resource
- •Overriding Resource URL Generation
- •Generating the Path To a Resource
- •Finding a Resource by Path
- •Obtaining the Lineage of a Resource
- •Determining if a Resource is In The Lineage of Another Resource
- •Finding the Root Resource
- •Resources Which Implement Interfaces
- •Finding a Resource With a Class or Interface in Lineage
- •Pyramid API Functions That Act Against Resources
- •Much Ado About Traversal
- •URL Dispatch
- •Historical Refresher
- •Traversal (aka Resource Location)
- •View Lookup
- •Use Cases
- •Traversal
- •Traversal Details
- •The Resource Tree
- •The Traversal Algorithm
- •A Description of The Traversal Algorithm
- •Traversal Algorithm Examples
- •References
- •Security
- •Enabling an Authorization Policy
- •Enabling an Authorization Policy Imperatively
- •Protecting Views with Permissions
- •Setting a Default Permission
- •Assigning ACLs to your Resource Objects
- •Elements of an ACL
- •Special Principal Names
- •Special Permissions
- •Special ACEs
- •ACL Inheritance and Location-Awareness
- •Changing the Forbidden View
- •Debugging View Authorization Failures
- •Debugging Imperative Authorization Failures
- •Creating Your Own Authentication Policy
- •Creating Your Own Authorization Policy
- •Combining Traversal and URL Dispatch
- •A Review of Non-Hybrid Applications
- •URL Dispatch Only
- •Traversal Only
- •Hybrid Applications
- •The Root Object for a Route Match
- •Using *traverse In a Route Pattern
- •Using *subpath in a Route Pattern
- •Corner Cases
- •Registering a Default View for a Route That Has a view Attribute
- •Using Hooks
- •Changing the Not Found View
- •Changing the Forbidden View
- •Changing the Request Factory
- •Using The Before Render Event
- •Adding Renderer Globals (Deprecated)
- •Using Response Callbacks
- •Using Finished Callbacks
- •Changing the Traverser
- •Changing How pyramid.request.Request.resource_url() Generates a URL
- •Changing How Pyramid Treats View Responses
- •Using a View Mapper
- •Creating a Tween Factory
- •Registering an Implicit Tween Factory
- •Suggesting Implicit Tween Ordering
- •Explicit Tween Ordering
- •Displaying Tween Ordering
- •Pyramid Configuration Introspection
- •Using the Introspector
- •Introspectable Objects
- •Pyramid Introspection Categories
- •Introspection in the Toolbar
- •Disabling Introspection
- •Rules for Building An Extensible Application
- •Fundamental Plugpoints
- •Extending an Existing Application
- •Extending the Application
- •Overriding Views
- •Overriding Routes
- •Overriding Assets
- •Advanced Configuration
- •Two-Phase Configuration
- •Using config.action in a Directive
- •Adding Configuration Introspection
- •Introspectable Relationships
- •Thread Locals
- •Why and How Pyramid Uses Thread Local Variables
- •Using the Zope Component Architecture in Pyramid
- •Using the ZCA Global API in a Pyramid Application
- •Disusing the Global ZCA API
- •Enabling the ZCA Global API by Using hook_zca
- •Enabling the ZCA Global API by Using The ZCA Global Registry
- •Background
- •Design
- •Overall
- •Models
- •Views
- •Security
- •Summary
- •Installation
- •Preparation
- •Make a Project
- •Run the Tests
- •Expose Test Coverage Information
- •Start the Application
- •Visit the Application in a Browser
- •Decisions the zodb Scaffold Has Made For You
- •Basic Layout
- •Resources and Models with models.py
- •Views With views.py
- •Defining the Domain Model
- •Delete the Database
- •Edit models.py
- •Look at the Result of Our Edits to models.py
- •View the Application in a Browser
- •Defining Views
- •Declaring Dependencies in Our setup.py File
- •Adding View Functions
- •Viewing the Result of all Our Edits to views.py
- •Adding Templates
- •Viewing the Application in a Browser
- •Adding Authorization
- •Add Authentication and Authorization Policies
- •Add security.py
- •Give Our Root Resource an ACL
- •Add Login and Logout Views
- •Change Existing Views
- •Add permission Declarations to our view_config Decorators
- •Add the login.pt Template
- •Change view.pt and edit.pt
- •See Our Changes To views.py and our Templates
- •View the Application in a Browser
- •Adding Tests
- •Test the Models
- •Test the Views
- •Functional tests
- •View the results of all our edits to tests.py
- •Run the Tests
- •Distributing Your Application
- •SQLAlchemy + URL Dispatch Wiki Tutorial
- •Background
- •Design
- •Overall
- •Models
- •Views
- •Security
- •Summary
- •Installation
- •Preparation
- •Making a Project
- •Running the Tests
- •Exposing Test Coverage Information
- •Initializing the Database
- •Starting the Application
- •Decisions the alchemy Scaffold Has Made For You
- •Basic Layout
- •View Declarations via views.py
- •Content Models with models.py
- •Making Edits to models.py
- •Changing scripts/initializedb.py
- •Reinitializing the Database
- •Viewing the Application in a Browser
- •Defining Views
- •Declaring Dependencies in Our setup.py File
- •Running setup.py develop
- •Changing the views.py File
- •Adding Templates
- •Adding Routes to __init__.py
- •Viewing the Application in a Browser
- •Adding Authorization
- •Adding A Root Factory
- •Add an Authorization Policy and an Authentication Policy
- •Adding an authentication policy callback
- •Adding Login and Logout Views
- •Changing Existing Views
- •Adding the login.pt Template
- •Seeing Our Changes To views.py and our Templates
- •Viewing the Application in a Browser
- •Adding Tests
- •Testing the Models
- •Testing the Views
- •Functional tests
- •Viewing the results of all our edits to tests.py
- •Running the Tests
- •Distributing Your Application
- •Converting a repoze.bfg Application to Pyramid
- •Running a Pyramid Application under mod_wsgi
- •pyramid.authorization
- •pyramid.authentication
- •Authentication Policies
- •Helper Classes
- •pyramid.chameleon_text
- •pyramid.chameleon_zpt
- •pyramid.config
- •pyramid.events
- •Functions
- •Event Types
- •pyramid.exceptions
- •pyramid.httpexceptions
- •HTTP Exceptions
- •pyramid.i18n
- •pyramid.interfaces
- •Event-Related Interfaces
- •Other Interfaces
- •pyramid.location
- •pyramid.paster
- •pyramid.registry
- •pyramid.renderers
- •pyramid.request
- •pyramid.response
- •Functions
- •pyramid.scripting
- •pyramid.security
- •Authentication API Functions
- •Authorization API Functions
- •Constants
- •Return Values
- •pyramid.settings
- •pyramid.testing
- •pyramid.threadlocal
- •pyramid.traversal
- •pyramid.url
- •pyramid.view
- •pyramid.wsgi
- •Glossary
36. ZODB + TRAVERSAL WIKI TUTORIAL
configured a forbidden view, the login view callable will be invoked whenever one of our users tries to execute a view callable that they are not allowed to invoke as determined by the authorization policy in use. In our application, for example, this means that if a user has not logged in, and he tries to add or edit a Wiki page, he will be shown the login form. Before being allowed to continue on to the add or edit form, he will have to provide credentials that give him permission to add or edit via this login form.
Note that we’re relying on some additional imports within the bodies of these views (e.g. remember and forget). We’ll see a rendering of the entire views.py file a little later here to show you where those come from.
36.7.5 Change Existing Views
In order to indicate whether the current user is logged in, we need to change each of our view_page, edit_page and add_page views in views.py to pass a “logged in” parameter into its template. We’ll add something like this to each view body:
1
2
from pyramid.security import authenticated_userid logged_in = authenticated_userid(request)
We’ll then change the return value of each view that has an associated renderer to pass the resulting logged_in value to the template. For example:
1
2
3
4
return dict(page = context, content = content, logged_in = logged_in, edit_url = edit_url)
36.7.6 Add permission Declarations to our view_config Decorators
To protect each of our views with a particular permission, we need to pass a permission argument to each of our pyramid.view.view_config decorators. To do so, within views.py:
•We add permission=’view’ to the decorator attached to the view_wiki and view_page view functions. This makes the assertion that only users who possess the view permission against the context resource at the time of the request may invoke these views. We’ve granted pyramid.security.Everyone the view permission at the root model via its ACL, so everyone will be able to invoke the view_wiki and view_page views.
422
36.7. ADDING AUTHORIZATION
•We add permission=’edit’ to the decorator attached to the add_page and edit_page view functions. This makes the assertion that only users who possess the effective edit permission against the context resource at the time of the request may invoke these views. We’ve granted the group:editors principal the edit permission at the root model via its ACL, so only a user whom is a member of the group named group:editors will able to invoke the add_page or edit_page views. We’ve likewise given the editor user membership to this group via the security.py file by mapping him to the group:editors group in the GROUPS data structure (GROUPS = {’editor’:[’group:editors’]}); the groupfinder function consults the GROUPS data structure. This means that the editor user can add and edit pages.
36.7.7 Add the login.pt Template
Add a login.pt template to your templates directory. It’s referred to within the login view we just added to views.py.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:tal="http://xml.zope.org/namespaces/tal">
<head>
<title>Login - Pyramid tutorial wiki (based on TurboGears 20-Minute Wiki)</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/> <meta name="keywords" content="python web application" />
<meta name="description" content="pyramid web application" /> <link rel="shortcut icon"
href="/static/favicon.ico" /> <link rel="stylesheet"
href="/static/pylons.css"
type="text/css" media="screen" charset="utf-8" />
<!--[if lte IE 6]> <link rel="stylesheet"
href="/static/ie6.css"
type="text/css" media="screen" charset="utf-8" /> <![endif]-->
</head>
<body>
<div id="wrap">
<div id="top-small">
<div class="top-small align-center">
<div>
<img width="220" height="50" alt="pyramid" src="/static/pyramid-small.png" />
</div>
423
36. ZODB + TRAVERSAL WIKI TUTORIAL
</div>
</div>
<div id="middle">
<div class="middle align-right">
<div id="left" class="app-welcome align-left"> <b>Login</b><br/>
<span tal:replace="message"/>
</div>
<div id="right" class="app-welcome align-right"></div>
</div>
</div>
<div id="bottom">
<div class="bottom">
<form action="${url}" method="post">
<input type="hidden" name="came_from" value="${came_from}"/> <input type="text" name="login" value="${login}"/><br/> <input type="password" name="password"
value="${password}"/><br/>
<input type="submit" name="form.submitted" value="Log In"/>
</form>
</div>
</div>
</div>
<div id="footer"> <div class="footer"
>© Copyright 2008-2011, Agendaless Consulting.</div>
</div>
</body>
</html>
36.7.8 Change view.pt and edit.pt
We’ll also need to change our edit.pt and view.pt templates to display a “Logout” link if someone is logged in. This link will invoke the logout view.
To do so we’ll add this to both templates within the <div id="right" class="app-welcome align-right"> div:
<span tal:condition="logged_in">
<a href="${request.application_url}/logout">Logout</a>
</span>
424
36.7. ADDING AUTHORIZATION
36.7.9 See Our Changes To views.py and our Templates
Our views.py module will look something like this when we’re done:
1 |
from docutils.core import publish_parts |
2 |
import re |
3 |
|
4 |
from pyramid.httpexceptions import HTTPFound |
5 |
|
6 |
from pyramid.view import ( |
7view_config,
8forbidden_view_config,
9)
10
11from pyramid.security import (
12authenticated_userid,
13remember,
14forget,
15)
16
17from .security import USERS
18from .models import Page
19
20# regular expression used to find WikiWords
21wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)")
22
23@view_config(context=’.models.Wiki’, permission=’view’)
24def view_wiki(context, request):
25return HTTPFound(location=request.resource_url(context, ’FrontPage’))
26 |
|
27 |
@view_config(context=’.models.Page’, |
28 |
renderer=’templates/view.pt’, permission=’view’) |
29def view_page(context, request):
30wiki = context.__parent__
31
32def check(match):
33word = match.group(1)
34if word in wiki:
35 |
page = wiki[word] |
36 |
view_url = request.resource_url(page) |
37return ’<a href="%s">%s</a>’ % (view_url, word)
38else:
39 |
add_url = request.application_url + ’/add_page/’ + word |
40 |
return ’<a href="%s">%s</a>’ % (add_url, word) |
41 |
|
42 |
content = publish_parts(context.data, writer_name=’html’)[’html_body’] |
425
36. ZODB + TRAVERSAL WIKI TUTORIAL
43content = wikiwords.sub(check, content)
44edit_url = request.resource_url(context, ’edit_page’)
45 |
|
46 |
logged_in = authenticated_userid(request) |
47 |
|
48 |
return dict(page = context, content = content, edit_url = edit_url, |
49 |
logged_in = logged_in) |
50 |
|
51 |
@view_config(name=’add_page’, context=’.models.Wiki’, |
52 |
renderer=’templates/edit.pt’, |
53 |
permission=’edit’) |
54def add_page(context, request):
55name = request.subpath[0]
56if ’form.submitted’ in request.params:
57body = request.params[’body’]
58page = Page(body)
59page.__name__ = name
60page.__parent__ = context
61context[name] = page
62return HTTPFound(location = request.resource_url(page))
63save_url = request.resource_url(context, ’add_page’, name)
64page = Page(’’)
65page.__name__ = name
66page.__parent__ = context
67 |
|
68 |
logged_in = authenticated_userid(request) |
69 |
|
70 |
return dict(page = page, save_url = save_url, logged_in = logged_in) |
71 |
|
72 |
@view_config(name=’edit_page’, context=’.models.Page’, |
73 |
renderer=’templates/edit.pt’, |
74 |
permission=’edit’) |
75def edit_page(context, request):
76if ’form.submitted’ in request.params:
77context.data = request.params[’body’]
78return HTTPFound(location = request.resource_url(context))
79 |
|
80 |
logged_in = authenticated_userid(request) |
81 |
|
82 |
return dict(page = context, |
83 |
save_url = request.resource_url(context, ’edit_page’), |
84 |
logged_in = logged_in) |
85
86 @view_config(context=’.models.Wiki’, name=’login’, 87 renderer=’templates/login.pt’)
88 @forbidden_view_config(renderer=’templates/login.pt’)
426
36.7. ADDING AUTHORIZATION
89def login(request):
90login_url = request.resource_url(request.context, ’login’)
91referrer = request.url
92if referrer == login_url:
93referrer = ’/’ # never use the login form itself as came_from
94came_from = request.params.get(’came_from’, referrer)
95message = ’’
96login = ’’
97password = ’’
98if ’form.submitted’ in request.params:
99login = request.params[’login’]
100password = request.params[’password’]
101if USERS.get(login) == password:
102 |
headers = remember(request, |
login) |
103 |
return HTTPFound(location = |
came_from, |
104 |
headers = headers) |
|
105 |
message = ’Failed login’ |
|
106
107return dict(
108message = message,
109url = request.application_url + ’/login’,
110came_from = came_from,
111login = login,
112password = password,
113)
114
115@view_config(context=’.models.Wiki’, name=’logout’)
116def logout(request):
117headers = forget(request)
118return HTTPFound(location = request.resource_url(request.context),
119 |
headers = headers) |
Our edit.pt template will look something like this when we’re done:
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" |
4 |
xmlns:tal="http://xml.zope.org/namespaces/tal"> |
5 |
<head> |
6 |
<title>${page.__name__} - Pyramid tutorial wiki (based on |
7TurboGears 20-Minute Wiki)</title>
8 <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
9<meta name="keywords" content="python web application" />
10<meta name="description" content="pyramid web application" />
11<link rel="shortcut icon"
12href="/static/favicon.ico" />
427
36. ZODB + TRAVERSAL WIKI TUTORIAL
13<link rel="stylesheet"
14href="/static/pylons.css"
15type="text/css" media="screen" charset="utf-8" />
16<!--[if lte IE 6]>
17<link rel="stylesheet"
18href="/static/ie6.css"
19type="text/css" media="screen" charset="utf-8" />
20<![endif]-->
21</head>
22<body>
23<div id="wrap">
24<div id="top-small">
25<div class="top-small align-center">
26<div>
27<img width="220" height="50" alt="pyramid"
28src="/static/pyramid-small.png" />
29</div>
30</div>
31</div>
32<div id="middle">
33<div class="middle align-right">
34<div id="left" class="app-welcome align-left">
35Editing <b><span tal:replace="page.__name__">Page Name
36Goes Here</span></b><br/>
37You can return to the
38<a href="${request.application_url}">FrontPage</a>.<br/>
39</div>
40<div id="right" class="app-welcome align-right">
41<span tal:condition="logged_in">
42 |
<a href="${request.application_url}/logout">Logout</a> |
43</span>
44</div>
45</div>
46</div>
47<div id="bottom">
48<div class="bottom">
49<form action="${save_url}" method="post">
50<textarea name="body" tal:content="page.data" rows="10"
51 |
cols="60"/><br/> |
52<input type="submit" name="form.submitted" value="Save"/>
53</form>
54</div>
55</div>
56</div>
57<div id="footer">
58<div class="footer"
428
36.7. ADDING AUTHORIZATION
59>© Copyright 2008-2011, Agendaless Consulting.</div>
60</div>
61</body>
62</html>
Our view.pt template will look something like this when we’re done:
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" |
4 |
xmlns:tal="http://xml.zope.org/namespaces/tal"> |
5 |
<head> |
6 |
<title>${page.__name__} - Pyramid tutorial wiki (based on |
7TurboGears 20-Minute Wiki)</title>
8 <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
9<meta name="keywords" content="python web application" />
10<meta name="description" content="pyramid web application" />
11<link rel="shortcut icon"
12href="/static/favicon.ico" />
13<link rel="stylesheet"
14href="/static/pylons.css"
15type="text/css" media="screen" charset="utf-8" />
16<!--[if lte IE 6]>
17<link rel="stylesheet"
18href="/static/ie6.css"
19type="text/css" media="screen" charset="utf-8" />
20<![endif]-->
21</head>
22<body>
23<div id="wrap">
24<div id="top-small">
25<div class="top-small align-center">
26<div>
27<img width="220" height="50" alt="pyramid"
28src="/static/pyramid-small.png" />
29</div>
30</div>
31</div>
32<div id="middle">
33<div class="middle align-right">
34<div id="left" class="app-welcome align-left">
35Viewing <b><span tal:replace="page.__name__">Page Name
36Goes Here</span></b><br/>
37You can return to the
38<a href="${request.application_url}">FrontPage</a>.<br/>
39</div>
429