[web2py] Re: Datatables add buttons on each row and pass args to controller function

[Massimo Di Pierro]

I am not familiar with how database reads arguments but try replace

href='{{=URL('Herramientas','usuarioUpdate',args=["users.id"])}}'

with

href='{{=URL('Herramientas','usuarioUpdate'}}/users.id'

because anything in between {{...}} is executed by the server before it 
gets to datatables.


Also

def usuarioUpdate():
   return dict(formUsuarioUpdate=crud.update(db.Users,request.args(0)))

should be

def usuarioUpdate():
   return 
db(db.Users.id==request.args(0,cast=int)).update(**request.post_vars)


With some fiddle around you can make this work.
You may also want to consisder using web2py' sqlform.grid or 
https://github.com/ratiw/vuetable-2-tutorial/wiki





On Monday, 15 April 2019 20:24:58 UTC-7, Cristina Sig wrote:
>
> Hello everybody,
>
> I'm trying to add an "Edit" and "Delete" buttons on each row on a 
> Datatable. When I click on "edit", it calls a controller function and needs 
> to pass the id of that row as argument. I'm having issues doing it right. 
> Any suggestions?
>
>
> Thank you!
>
>
> My controller
>
>
> def usuarioUpdate():
>return dict(formUsuarioUpdate=crud.update(db.Users,request.args(0)))
>
>
> My view
>
>
>   
> var tabla;
> $(document).ready(function(){
>tabla=  $('#tablaGenerica').DataTable({
> "data":  {{=formListar}},
> "scrollX": false,
>  "dom": 'lrtip',
>  "searching": true,
>  "sRowSelect": 'single',
>  "language": {
>  "url": "{{=URL('static','js/tradutorTable.json')}}",
> },
>"columns": [
>   {
>  "class":"details-control",
>  "orderable":false,
>  "data":null,
>  "defaultContent": ""
>   },
>   { data: 'users.first_name' },
>   { data: 'users.last_name' },
>   { data: 'users.email' },
>   { data: 'users.username' },
>   {
>  "orderable":false,
>  "data":null,
>  "defaultContent": "
 href='{{=URL('Herramientas','usuarioUpdate',args=["users.id"])}}'> class='glyphicon glyphicon-pencil'>
",
>   },
>   ]
> });
> 
>
>  cellspacing="0" width="100%" >
> 
> 
> 
> Nombre
> Apellido
> Correo Electrónico
> Nombre de Usuario
> 
> 
> 
> 
>
>
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Does web2py support SSE (server sent events) from HTML5?

[Anthony]

On Tuesday, April 16, 2019 at 11:14:10 AM UTC-4, João Matos wrote:
>
> Thanks Anthony, but I'm using Apache. 
>
> Do you know any current solution for Apache?
>

You should be able to run Centrifugo or Pushpin side-by-side with Apache 
(on a different port). You could even run Nginx alongside Apache, or even 
proxy from Nginx to Apache.
 

> Do you recommend Nginx over Apache? If so, why?
>

Nginx + uWSGI seems to be a common combination for web2py (and other Python 
frameworks) these days. Do some searches for pros and cons of each web 
server. I believe Nginx will be faster for serving static files, and of 
course it can serve as a reverse proxy, so it can serve both your Python 
app via uWSGI as well as proxy to something like Nchan or Centrifugo for 
real-time push connections.

Anthony 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: one form multiple submits

[Dave S]

On Tuesday, April 16, 2019 at 2:56:53 PM UTC-7, Ben Lawrence wrote:
>
> The _value is the word that appears inside the button on the web-page. It 
> seems "Working..." is the value in form.vars where the key is _name.
>
> regards
> Ben
>

All the other buttons show up in form.vars as well?  I'd have expected only 
the one that was clicked.

I'll have to contrive an example at home.   My extra buttons at work are 
really anchors (I'mAButton) and exist outside of forms.
(The standard login form has multiple buttons in the form, but I'm not 
going to hack at that, and only one is type="submit")

/dps


-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: howto prevent XSS in json data

[Dave S]

On Tuesday, April 16, 2019 at 8:03:55 AM UTC-7, Alex wrote:
>
> Thanks for your suggestions. Although nothing gets me the desired result. 
> If I use urllib.quote or XML in the controller way too much gets escaped 
> (all < and > signs, blanks, etc.) which is not what I want. And I'd have to 
> do this for all attributes in every controller function.
>
> My problem is exactly the same as in this stackoverflow question for 
> django:
>
> https://stackoverflow.com/questions/14290517/safely-using-json-with-html-inside-of-the-json-in-django-templates
> in Django there seems to be an escapejs filter
>
>
Did you look at XML's permittted_tags and allowed_attributes? 

Then I found out that there is an ASSIGNJS helper in web2py which is 
> actually exactly what I need. Therefor I could replace
>
> 
> var filterSettings = {{=XML(filter_settings)}};
> 
>
> with
>
> 
> {{=ASSIGNJS(filterSettings=filter_settings)}};
> 
>
> and expect everything to work fine and safe. Only to find out that this is 
> vulnerable to the same exploit (at least in web2py 2.12.3). In case this 
> still happens with the newest web2py version this is a major security flaw 
> - if I'm not mistaken. I'll test this soon and then get back here.
>
> why we're still using such an old version? I waited very long until web2py 
> was Python 3 ready because upgrading web2py in our production system 
> involves a lot of work (update deployment process and all instances, lots 
> of testing, etc.). Since we need to upgrade to Python 3 anyway we only want 
> to upgrade once for now.
>
>
Goodness.  I'm feeling guilty about using 2.15.4, which is 2 1/2 years 
old.  At home I still have 2.14.6 on Windows  -- 3 years old, but I'm the 
only user, and I do try out newer versions at times.

/dps

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: database queries

[Dave S]

On Tuesday, April 16, 2019 at 5:54:54 AM UTC-7, learth...@gmail.com wrote:
>
> Hello,
>
> I'm sorry if I did not post my tests but I’m really beginner with web2py, 
> python... and I was a little afraid to look ridiculous.. (Sorry again but 
> my English is ridiculous too !!).
>
> First I tried with Mysql trough MysqlWorkbench and I quickly success to 
> get the minimum but only for a specific id with a simple SELECT and 
> MIN(price).
>
> When I tried to do the same thing for all existing spare parts, I stopped 
> with that because I blocked and got nothing good.
>
>  
>

I'm not sure what the cursor stuff is about, but what I think you want on 
the SQL side is a WHERE clause SELECT, something like

SELECT * FROM supplierchoice WHERE price == (SELECT min(price) FROM 
supplierchoice);

I haven't translated this into DAL yet, because where I use this is 
checking on my scheduled tasks, and I do it from a terminal window on the 
server.

(My exposure to cursors was in Android app development, where the cursor 
was a Java object, at least by the time I saw it.  I'm out-of-date on that 
environment these days.)

/dps

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: one form multiple submits

[Ben Lawrence]

The _value is the word that appears inside the button on the web-page. It 
seems "Working..." is the value in form.vars where the key is _name.

regards
Ben

On Thursday, April 11, 2019 at 3:20:23 PM UTC-7, Dave S wrote:
>
>
>
> On Thursday, April 11, 2019 at 10:03:34 AM UTC-7, Ben Lawrence wrote:
>>
>> HI
>> I have a form with multiple submit buttons. It works.
>>
>> But to me it seems like a kludge. Is there a better way?
>>
>> Here is the controller where dictlist is just a list of dictionaries with 
>> 'name' and 'id'
>> So the part that seems kludgey to me is checking which button was 
>> pressed. I do it by testing which of the buttons has the "Working..." value 
>>
>
> ITYM 'button name has the "Working" value'
>
> that is the default web2py behaviour
>>
>>
> What happens with the _value you set when you add the button?  Isn't that 
> returned only for the button that is clicked?
>
>  
>
>>
>> buttons = []
>>   for d in dictlist:
>> a = DIV( INPUT(_name = d['id'], _value = d['name'], _type = 
>> 'submit'\
>> , _class = "btn btn-outline-primary") )
>> buttons.append(a)
>>
>> form = SQLFORM.factory(buttons = buttons)
>>
>> if form.process().accepted:
>> for keys in form.vars:
>> # "working" is the web2py default text shown on the button 
>> after press
>> if name_form.vars[keys][0:4] == "Work":  
>>redirect(URL('temp', vars=dict(who = keys) ))
>>break
>>
>>
>>
>
> /dps
>  
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: database queries

[Dave S]

On Tuesday, April 16, 2019 at 5:54:54 AM UTC-7, learth...@gmail.com wrote:
>
> [skipping to what caught my eye first] 
>
Then I tried to do it by referring to what I found in the web2py manual. 
>
> That’s where I am now. This is only for the price but it’s the same for 
> the delay.
>
>  
>
> partid = db().select(db.parts.id)
>
>for i in partid:
>
> query = db.supplierchoice.parts == i
>
>rows = db(query).select(db.supplierchoice.parts, 
> db.supplierchoice.supplier, db.supplierchoice.price.min())
>
> response.flash = rows
>
>  
>
> I tried to show the result in a response.flash message before performing 
> an update of the fields best_price and best_delay of the table spare_parts 
> to avoid breaking everything but it shows me something that looks nothing 
> good.
>
> Depending on the tests, I get two different results: either web2py is KO 
> or my response.flash is very strange.
>
> Thank you both for taking the time to answer me even though I did not have 
> much detail.
>
>  
>
> Arthur
>

I would expect response.flash to look a bit strange in 2 ways:  a Rows 
object is not a simple string or number, but will  display as a conversion 
to string, something like
supplierchoice.idsupplierchoice.productnamesupplierchoice...
 
1long name of 10
 product

(I was expecting json format, but it appears the pretty printer is used)

And then you set response.flash in the for loop, but it isn't returned 
until after the for loop is done, so it will only show the last result.

/dps

 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Is it possible to update a Rows object with another Rows object?

[João Matos]

Thanks Anthony. I found out about belongs after posting.


terça-feira, 16 de Abril de 2019 às 21:51:03 UTC+1, Anthony escreveu:
>
> On Tuesday, April 16, 2019 at 11:11:09 AM UTC-4, João Matos wrote:
>>
>> Is it possible to update a Rows object with another Rows object?
>>
>> I would like to do something similar to this (except that update does not 
>> exist in Rows)
>>
>> rows = db(db.wo.id == int(request.args[0])).select()
>> if len(request.args) > 1:
>> for id_ in request.args[1:]:
>> rows.update(db(db.wo.id == int(id_)).select()
>>
>>
> Why not a single query to get all records:
>
> rows = db(db.wo.id.belongs(request.args)).select()
>
> Anthony
>  
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Is it possible to update a Rows object with another Rows object?

[Anthony]

On Tuesday, April 16, 2019 at 11:11:09 AM UTC-4, João Matos wrote:
>
> Is it possible to update a Rows object with another Rows object?
>
> I would like to do something similar to this (except that update does not 
> exist in Rows)
>
> rows = db(db.wo.id == int(request.args[0])).select()
> if len(request.args) > 1:
> for id_ in request.args[1:]:
> rows.update(db(db.wo.id == int(id_)).select()
>
>
Why not a single query to get all records:

rows = db(db.wo.id.belongs(request.args)).select()

Anthony
 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: How do i update a database value with a new computed value from a controller function

[Dave S]

On Monday, April 15, 2019 at 10:13:30 PM UTC-7, mostwanted wrote:
>
> I have a database of items sold, I am updating the quantity of an item by 
> subtracting the amount purchased from the current available Quantity. How 
> do i replace the old value with the difference between the current value 
> and the purchased value?
>
> In the controller below i have an *itemCount *for loop (highlighted in 
> red) that attempts to capture the selected item and its quantity, draw from 
> the database the similar item and subtract its specified quantity 
> (session.value) from the database Quantity value then update the database 
> Quantity column withe new value which is the difference between Quantity 
> and session.value
>
>
> CONTROLLER
>
>
> def buy():
> if not session.cart:
> session.flash = 'Add something to shopping cart'
> redirect(URL('index'))
> invoice = session.invoiceNo
> total = sum(db.product(id).price*qty for id,qty in session.cart.items())
> for key, value in session.cart.items():
> db.sales.insert(invoice=invoice,buyer=auth.user.id,product = 
> key,quantity = value,price=db.product(session.key).price)
>
> 
>
>
> *itemCount=db(db.product.name==key).select(db.product.ALL)for item in 
> itemCount:quantity=item.Quantity-value
> item.update_record(Quantity=quantity)*
>
> session.cart.clear()
> session.flash = 'Sale Complete'
> redirect(URL('invoice',args=invoice))
> return dict(cart=session.cart,form=form,total=total)
>
>
> I am hoping that the itemCount for loop will do the calculations and 
> update the Quantity column with the new value when the sale is being made. 
> I expect to find a new Quantity value when i look at the purchased items in 
> the database table, but that is not happening, how cn i fix this?
>
>
> Mostwanted
>

I suspect that you're getting None in itemCount ... in the line above the 
for loop, the list comprehension is getting id, qty from 
session.cart.items(), but you're expecting  key from key, value in 
session.cart.items() to match db.product.name.  I don't see that one 
iterator will be returning two different lists.

(P.S.  I mess up intermediate values a lot, so I use a lot of print 
statements, which works ok when I have a console (like at home), or when 
the Scheduler captures my task's stdout, but I also know how to turn on 
logging (it's simple enough even for me!) so I can do it right in 
production.)

/dps

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[En Ware]

Thank you , that did it.

On Tuesday, April 16, 2019 at 2:42:40 PM UTC-5, Massimo Di Pierro wrote:
>
> You have an old pydal. Do
>
> pip3 install --upgrade pydal
>
> Also do
>
> python3 web3py.py applications
>
> Not
>
> python3 web3py.py applications/todo/
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Is it possible to update a Rows object with another Rows object?

[João Matos]

The solution is simply to add them :)
http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer#Combining-rows

Got help in the Telegram Web2py International Support Group at 
https://t.me/web2py_world/


terça-feira, 16 de Abril de 2019 às 16:11:09 UTC+1, João Matos escreveu:
>
> Is it possible to update a Rows object with another Rows object?
>
> I would like to do something similar to this (except that update does not 
> exist in Rows)
>
> rows = db(db.wo.id == int(request.args[0])).select()
> if len(request.args) > 1:
> for id_ in request.args[1:]:
> rows.update(db(db.wo.id == int(id_)).select()
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[Massimo Di Pierro]

You have an old pydal. Do

pip3 install --upgrade pydal

Also do

python3 web3py.py applications

Not

python3 web3py.py applications/todo/

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[黄祥]

On Tuesday, April 16, 2019 at 8:41:50 PM UTC+7, En Ware wrote:
>
> Getting error 
>
> |  / / / / __ |/___ \/ __ \ \/ /
> | | / / /_  / /_/ /___/ / /_/ /\  /
> | | /| / / __/ / __  //__  / / / /
> | |/ |/ / /___/ /_/ /___/ / / / /
> |___/|_/_/_/_/_/ /_/
> It is still experimental...
>
> Traceback (most recent call last):
>   File 
> "/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/web3py/core.py", 
> line 438, in import_apps
> module = importlib.import_module(app_name)
>   File 
> "/Users/aaronm/.pyenv/versions/3.6.4/lib/python3.6/importlib/__init__.py", 
> line 126, in import_module
> return _bootstrap._gcd_import(name[level:], package, level)
>   File "", line 994, in _gcd_import
>   File "", line 971, in _find_and_load
>   File "", line 955, in 
> _find_and_load_unlocked
>   File "", line 665, in _load_unlocked
>   File "", line 678, in exec_module
>   File "", line 219, in 
> _call_with_frames_removed
>   File 
> "/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/applications/examples/__init__.py",
>  
> line 4, in 
> from pydal.validators import IS_NOT_EMPTY, IS_INT_IN_RANGE
>   File 
> "/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/reloader.py",
>  
> line 158, in _import
> base = _baseimport(name, globals, locals, fromlist, level)
>   File 
> "/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/pydal/validators.py",
>  
> line 31, in 
> from pydal._compat import StringIO, integer_types, basestring, 
> unicodeT, urllib_unquote, \
> ImportError: cannot import name 'unicodeT'
>

pls provide the environment and the step to reproduce the error ?
tested run well on ubuntu python 3.6 and mac python 3.7 miniconda

best regards,
stifan

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: Web3py

[En Ware]

Is web3py running ? Do you see this in your terminal ? 

Bottle v0.12.16 server starting up (using WSGIRefServer())...
Listening on http://127.0.0.1:8000/
Hit Ctrl-C to quit.

Have you git pulled the latest changes ? 

How did you start web3py server ? 

On Tuesday, April 16, 2019 at 10:02:46 AM UTC-5, Ramos wrote:
>
> Not working...
>
> [image: image.png]
>
> Em ter, 16 de abr de 2019 às 14:41, En Ware  > escreveu:
>
>> Getting error 
>>
>> |  / / / / __ |/___ \/ __ \ \/ /
>> | | / / /_  / /_/ /___/ / /_/ /\  /
>> | | /| / / __/ / __  //__  / / / /
>> | |/ |/ / /___/ /_/ /___/ / / / /
>> |___/|_/_/_/_/_/ /_/
>> It is still experimental...
>>
>> Traceback (most recent call last):
>>   File 
>> "/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/web3py/core.py", 
>> line 438, in import_apps
>> module = importlib.import_module(app_name)
>>   File 
>> "/Users/aaronm/.pyenv/versions/3.6.4/lib/python3.6/importlib/__init__.py", 
>> line 126, in import_module
>> return _bootstrap._gcd_import(name[level:], package, level)
>>   File "", line 994, in _gcd_import
>>   File "", line 971, in _find_and_load
>>   File "", line 955, in 
>> _find_and_load_unlocked
>>   File "", line 665, in _load_unlocked
>>   File "", line 678, in exec_module
>>   File "", line 219, in 
>> _call_with_frames_removed
>>   File 
>> "/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/applications/examples/__init__.py",
>>  
>> line 4, in 
>> from pydal.validators import IS_NOT_EMPTY, IS_INT_IN_RANGE
>>   File 
>> "/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/reloader.py",
>>  
>> line 158, in _import
>> base = _baseimport(name, globals, locals, fromlist, level)
>>   File 
>> "/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/pydal/validators.py",
>>  
>> line 31, in 
>> from pydal._compat import StringIO, integer_types, basestring, 
>> unicodeT, urllib_unquote, \
>> ImportError: cannot import name 'unicodeT'
>>
>>
>>
>>
>>
>> On Thursday, April 11, 2019 at 12:31:29 PM UTC-5, En Ware wrote:
>>>
>>> I git installed web3py and quite enjoy it. I see its updated regular 
>>> too. 
>>>
>>> For those who don't know and maybe this is common sense , not sure. 
>>>
>>> once you *git clone https://github.com/web2py/web3py.git 
>>>   *do a *git pull*
>>>
>>> 2. reinstall requirements.txt (*pip3 install -r requirements.txt*) 
>>>  - Changes:  module "reloader" was added 
>>>
>>> 3. Launch web3py (should work just fine now) 
>>>
>>> * python3 web3py.py applications/todo/*
>>>
>>> 4. open browser and type: * localhost:8000 or 127.0.0.1:8000 
>>> /todo/index*
>>>
>>> -- 
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to web...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Does anyone know if web2py supports the IN operator in a query?

[João Matos]

Found the solution using .belongs()

terça-feira, 16 de Abril de 2019 às 16:07:48 UTC+1, João Matos escreveu:
>
> Does anyone know if web2py supports the IN operator in a query?
>
> Doesn't seem to accept this
>
> db(db.wo.id in [1,2,3]).select()
>
> that would translate to SQL like this
>
> SELECT * FROM wo WHERE id IN (1, 2, 3)
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Does web2py support SSE (server sent events) from HTML5?

[João Matos]

Thanks Anthony, but I'm using Apache. 

Do you know any current solution for Apache?

Do you recommend Nginx over Apache? If so, why?

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Is it possible to update a Rows object with another Rows object?

[João Matos]

Is it possible to update a Rows object with another Rows object?

I would like to do something similar to this (except that update does not 
exist in Rows)

rows = db(db.wo.id == int(request.args[0])).select()
if len(request.args) > 1:
for id_ in request.args[1:]:
rows.update(db(db.wo.id == int(id_)).select()

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Does anyone know if web2py supports the IN operator in a query?

[João Matos]

Does anyone know if web2py supports the IN operator in a query?

Doesn't seem to accept this

db(db.wo.id in [1,2,3]).select()

that would translate to SQL like this

SELECT * FROM wo WHERE id IN (1, 2, 3)

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: howto prevent XSS in json data

[Alex]

Thanks for your suggestions. Although nothing gets me the desired result. 
If I use urllib.quote or XML in the controller way too much gets escaped 
(all < and > signs, blanks, etc.) which is not what I want. And I'd have to 
do this for all attributes in every controller function.

My problem is exactly the same as in this stackoverflow question for django:
https://stackoverflow.com/questions/14290517/safely-using-json-with-html-inside-of-the-json-in-django-templates
in Django there seems to be an escapejs filter

Then I found out that there is an ASSIGNJS helper in web2py which is 
actually exactly what I need. Therefor I could replace


var filterSettings = {{=XML(filter_settings)}};


with


{{=ASSIGNJS(filterSettings=filter_settings)}};


and expect everything to work fine and safe. Only to find out that this is 
vulnerable to the same exploit (at least in web2py 2.12.3). In case this 
still happens with the newest web2py version this is a major security flaw 
- if I'm not mistaken. I'll test this soon and then get back here.

why we're still using such an old version? I waited very long until web2py 
was Python 3 ready because upgrading web2py in our production system 
involves a lot of work (update deployment process and all instances, lots 
of testing, etc.). Since we need to upgrade to Python 3 anyway we only want 
to upgrade once for now.

On Tuesday, April 16, 2019 at 1:41:39 PM UTC+2, Leonel Câmara wrote:
>
> Another thing you can do is simply quote the name
>
>
> import urllib
> filter_settings = dict(name=urllib.quote(request.vars.name))
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: Web3py

[António Ramos]

Not working...

[image: image.png]

Em ter, 16 de abr de 2019 às 14:41, En Ware  escreveu:

> Getting error
>
> |  / / / / __ |/___ \/ __ \ \/ /
> | | / / /_  / /_/ /___/ / /_/ /\  /
> | | /| / / __/ / __  //__  / / / /
> | |/ |/ / /___/ /_/ /___/ / / / /
> |___/|_/_/_/_/_/ /_/
> It is still experimental...
>
> Traceback (most recent call last):
>   File
> "/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/web3py/core.py",
> line 438, in import_apps
> module = importlib.import_module(app_name)
>   File
> "/Users/aaronm/.pyenv/versions/3.6.4/lib/python3.6/importlib/__init__.py",
> line 126, in import_module
> return _bootstrap._gcd_import(name[level:], package, level)
>   File "", line 994, in _gcd_import
>   File "", line 971, in _find_and_load
>   File "", line 955, in
> _find_and_load_unlocked
>   File "", line 665, in _load_unlocked
>   File "", line 678, in exec_module
>   File "", line 219, in
> _call_with_frames_removed
>   File
> "/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/applications/examples/__init__.py",
> line 4, in 
> from pydal.validators import IS_NOT_EMPTY, IS_INT_IN_RANGE
>   File
> "/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/reloader.py",
> line 158, in _import
> base = _baseimport(name, globals, locals, fromlist, level)
>   File
> "/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/pydal/validators.py",
> line 31, in 
> from pydal._compat import StringIO, integer_types, basestring,
> unicodeT, urllib_unquote, \
> ImportError: cannot import name 'unicodeT'
>
>
>
>
>
> On Thursday, April 11, 2019 at 12:31:29 PM UTC-5, En Ware wrote:
>>
>> I git installed web3py and quite enjoy it. I see its updated regular too.
>>
>> For those who don't know and maybe this is common sense , not sure.
>>
>> once you *git clone https://github.com/web2py/web3py.git
>>   *do a *git pull*
>>
>> 2. reinstall requirements.txt (*pip3 install -r requirements.txt*)
>>  - Changes:  module "reloader" was added
>>
>> 3. Launch web3py (should work just fine now)
>>
>> * python3 web3py.py applications/todo/*
>>
>> 4. open browser and type: * localhost:8000 or 127.0.0.1:8000
>> /todo/index*
>>
>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[En Ware]

Getting error 

|  / / / / __ |/___ \/ __ \ \/ /
| | / / /_  / /_/ /___/ / /_/ /\  /
| | /| / / __/ / __  //__  / / / /
| |/ |/ / /___/ /_/ /___/ / / / /
|___/|_/_/_/_/_/ /_/
It is still experimental...

Traceback (most recent call last):
  File 
"/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/web3py/core.py", 
line 438, in import_apps
module = importlib.import_module(app_name)
  File 
"/Users/aaronm/.pyenv/versions/3.6.4/lib/python3.6/importlib/__init__.py", 
line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 994, in _gcd_import
  File "", line 971, in _find_and_load
  File "", line 955, in _find_and_load_unlocked
  File "", line 665, in _load_unlocked
  File "", line 678, in exec_module
  File "", line 219, in 
_call_with_frames_removed
  File 
"/Users/aaronm/.pyenv/versions/3.6.4/envs/web3py/web3py/applications/examples/__init__.py",
 
line 4, in 
from pydal.validators import IS_NOT_EMPTY, IS_INT_IN_RANGE
  File 
"/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/reloader.py", 
line 158, in _import
base = _baseimport(name, globals, locals, fromlist, level)
  File 
"/Users/aaronm/.pyenv/versions/web3py/lib/python3.6/site-packages/pydal/validators.py",
 
line 31, in 
from pydal._compat import StringIO, integer_types, basestring, 
unicodeT, urllib_unquote, \
ImportError: cannot import name 'unicodeT'





On Thursday, April 11, 2019 at 12:31:29 PM UTC-5, En Ware wrote:
>
> I git installed web3py and quite enjoy it. I see its updated regular too. 
>
> For those who don't know and maybe this is common sense , not sure. 
>
> once you *git clone https://github.com/web2py/web3py.git 
>   *do a *git pull*
>
> 2. reinstall requirements.txt (*pip3 install -r requirements.txt*) 
>  - Changes:  module "reloader" was added 
>
> 3. Launch web3py (should work just fine now) 
>
> * python3 web3py.py applications/todo/*
>
> 4. open browser and type: * localhost:8000 or 127.0.0.1:8000 
> /todo/index*
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Does web2py support SSE (server sent events) from HTML5?

[Anthony]

If you are using Nginx as a proxy server, you might consider Nchan 
. It holds the HTTP/websocket connections and has a 
pubsub system, and your web2py app simply sends and receives regular 
short-lived HTTP requests. Similar alternatives are Centrifugo 
 and Pushpin 
.

Anthony

On Saturday, April 13, 2019 at 3:06:46 PM UTC-4, João Matos wrote:
>
> It would be great if web3py would support SSE.
>
> For now, the websocket solution would work with Apache?
>
> sábado, 13 de Abril de 2019 às 16:26:13 UTC+1, Massimo Di Pierro escreveu:
>>
>> No. we do provide a web2py/gluon/contrib/websocket_messaging.py which 
>> uses tornado and webocket for the same purpose.
>> web3py may provide this functionality.
>>
>> On Friday, 12 April 2019 15:36:38 UTC-7, João Matos wrote:
>>>
>>> Does web2py support SSE (server sent events) from HTML5?
>>> https://www.w3schools.com/html/html5_serversentevents.asp
>>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: database queries

[learthurjoly]

Hello,

I'm sorry if I did not post my tests but I’m really beginner with web2py, 
python... and I was a little afraid to look ridiculous.. (Sorry again but 
my English is ridiculous too !!).

First I tried with Mysql trough MysqlWorkbench and I quickly success to get 
the minimum but only for a specific id with a simple SELECT and MIN(price).

When I tried to do the same thing for all existing spare parts, I stopped 
with that because I blocked and got nothing good.

 

DROP PROCEDURE IF EXISTS test;

DELIMITER |

CREATE PROCEDURE test()

BEGIN

DECLARE c_id INT(11);

DECLARE cursor_id CURSOR FOR SELECT id FROM parts ORDER BY 
id;

OPEN cursor_id;

id_loop: LOOP

FETCH cursor_id INTO 
c_id;   



IF c_id = 3 THEN

LEAVE id_loop;

END IF;

SELECT parts, supplier, price FROM supplierchoice ORDER BY parts;

INSERT INTO V_select_supchoice (parts, supplier, price) SELECT (parts, 
supplier, MIN(price)) WHERE parts = c_id;



END LOOP;

CLOSE cursor_id;

END |

DELIMITER ;

 

Then I tried to do it by referring to what I found in the web2py manual.

That’s where I am now. This is only for the price but it’s the same for the 
delay.

 

partid = db().select(db.parts.id)

   for i in partid:

query = db.supplierchoice.parts == i

   rows = db(query).select(db.supplierchoice.parts, 
db.supplierchoice.supplier, db.supplierchoice.price.min())

response.flash = rows

 

I tried to show the result in a response.flash message before performing an 
update of the fields best_price and best_delay of the table spare_parts to 
avoid breaking everything but it shows me something that looks nothing good.

Depending on the tests, I get two different results: either web2py is KO or 
my response.flash is very strange.

Thank you both for taking the time to answer me even though I did not have 
much detail.

 

Arthur

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Smartgrid link very slow.

[David Manns]

The problem is with SQLFORM.grid

Table Affiliations has some 5,000 rows. Each row has references to 2 other 
tables, Members and Colleges each of which has format=... so it displays 
text rather than the id as a number.

So SQLFORM.grid(db.Affiliations.Member==,  will correctly display 
only the (usually 1) rows out of the 5,000 odd referring to . However, 
this takes many seconds to process, I suspect its doing a full left join of 
Affiliations with Members and Colleges, whereas a select like

db(db.Affiliations.Member==member.id).select(db.Affiliations.ALL, 
db.Colleges.ALL, db.Members.ALL,

left=[db.Colleges.on(db.Colleges.id==db.Affiliations.College),
  
db.Members.on(db.Members.id==db.Affiliations.Member)], ...

takes no time at all.



On Monday, April 15, 2019 at 12:24:44 PM UTC-4, David Manns wrote:
>
>
> here is my smartgrid (simplified to show only essential pieces):
>
> grid = SQLFORM.smartgrid(db.Members, linked_tables=['Affiliations'],
> constraints=dict(Members=query),
> deletable=False, details=False, editable=True, 
> create=True)
>  
>
> Members is a table with several thousand records.
> Affiliations is a table with a reference field back to Members; each 
> member generally has a small number of Affiliations.
> query on the Member table that selects a number of Members (generally a 
> few up to a few hundred).
>
> The page displays the subset of Members efficiently, with each selected 
> member including an edit button and an Affiliations link.
>
> As expected the edit button displays the individual Member record promptly.
>
> Clicking the Affiliations link does display the page showing the small 
> number of affiliations belonging to the member as one would expect, but 
> very slowly (order of 10 seconds in my test environment). It must be 
> retrieving all Affiliations and then filtering to rows belonging to the 
> member???
>
> I'm updating an aging implementation that uses legacy crud, as smartgrid 
> will allow me to greatly reduce the amount and complexity of controller 
> code, however the legacy implementation generates the equivalent page with 
> no apparent delay.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[黄祥]

after learn the code *web3py/web3py/core.py*
python3 /web3py/web3py-start /web3py/applications/ is automatically run the 
address 127.0.0.1:8000
so the correct one to make it run on docker should use :
python3 /web3py/web3py-start /web3py/applications/ --address 0.0.0.0:8000

think there are two options
first change the default address on core.py
*from*
parser.add_argument('--address', default='127.0.0.1:8000',help='serving 
address')

*into*
parser.add_argument('--address', default='0.0.0.0:8000',help='serving 
address')

*or second choice*
change the CMD path for docker and add the parameter address
python3 /web3py/web3py-start /web3py/applications/ --address 0.0.0.0:8000

so Dockerfile tested work
cat << EOF > Dockerfile
FROM ubuntu:latest

RUN apt update && \
 apt install -y git python3-pip && \
 cd / && \
 git clone https://github.com/web2py/web3py && \
 cd web3py && \
 pip3 install -r requirements.txt

WORKDIR /web3py

CMD python3 /web3py/web3py-start /web3py/applications/ --address 0.0.0.0:
8000

EXPOSE 8000

EOF
docker build -t test/web3py_cook .
docker run -d \
 -p 8000:8000 \
 --name web3py_cook \
 test/web3py_cook
docker ps -a

for docker image base, python image base take > 200 mb while another os < 
100 mb, your choice.

best regards,
stifan

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: howto prevent XSS in json data

[Leonel Câmara]

Another thing you can do is simply quote the name


import urllib
filter_settings = dict(name=urllib.quote(request.vars.name))

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] CORS headers on static file

[David Orme]

Hi,

I'm running a static website from an S3 bucket that calls an API running on 
web2py and I've run into a problem with CORS.  I can update the headers for 
API calls by editing the calls() controller:

def call():
"""
exposes services. for example:
http:///[app]/default/call/jsonrpc
decorate with @services.jsonrpc the functions to expose
supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
"""


# Set response headers
response.headers['Pragma'] = None
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Headers'] = 'Content-Type'
response.headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS'


# Dump the session to remove Set-Cookie
session.forget(response)


return service()


What I can't figure out how to do is to provide those headers for some 
static resources. I could wrap them up in a service and cache them, but is 
there a way to preserve the existing path and adjust the CORS headers? A 
quick look at gluon/main.py makes it seem tricky, but there are a lot of 
moving parts in there!

Cheers,
David

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Controller/function called via ajax() returns javascript inside JS

[Octavian G]

Hello,

 Using web2py-1.18.5. Calling a controller/function via:

onclick="ajax('{{=URL('bla', 'bla.load', vars={'whatever': 'all'})}}', [], 
':eval')


Inside the function, there is:

script = "$ javascript code here;"
return script


The generic.load is the default one. 

Jquery complains that it can't eval the returned value because of a syntax 
error. The code itself has no syntax error, but it is returned like this:

JS CODE HERE


Any ideas about what's happening ?

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[黄祥]

nice dashboard, only myapp can work from dashboard link
some strange behaviour, when accessing dashboard (without index), it 
automatic add dashboard/static/index.html, while for another web app is 
not, must add index manually.

sorry forgot to test about docker-compose (not work either, guess the 
problem is on web server side, hard to trace because no log provided yet 
both on web3py folder or in /var/log/)
git clone https://github.com/web2py/web3py 
cd web3py/docker
docker-compose up -d
$ docker-compose ps
  Name Command  StatePorts
---
docker_postgres_1   docker-entrypoint.sh postgres   Up   0.0.0.0:5432->
5432/tcp
docker_web_1web3py-start applications   Exit 1

best regards,
stifan

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: Problem with oracle query

[gliporace]

I didn't create the table, I was trying to connect to a read-only view from 
one of our oracle servers, I'm just a user:)
Thanks for the explanation though, now I changed the name of the table to 
uppercase in the model definition
and it works without entity_quoting = False.

Gianfranco.

Il giorno martedì 16 aprile 2019 08:49:14 UTC+2, Kevin Keller ha scritto:
>
> When a table is created in Oracle, it is always created in uppercase 
> letters, if not created by using quotes. 
>
> create table test= TEST
> create table "test" = test
>
> it is very likely that the table when created, was created without quotes 
> and hence the table name is saved in uppercase letters. 
> Now you query using quotes in lowercase letters and it doesnt find the 
> table. 
> when you removed the quotes, Oracle defaults to uppercase letters again 
> and found the table. 
>
>
>
> On Tue, Apr 16, 2019 at 7:53 AM Massimo Di Pierro  > wrote:
>
>> Damn Oracle! Can you find some documentation that says that quoting of 
>> table names is not supported and we will change? Want to make sure there 
>> not some other configuration quirk before removing a useful feature.
>>
>> On Monday, 15 April 2019 04:20:36 UTC-7, gliporace wrote:
>>>
>>> I think I found the problem:
>>> the query is sent with the table name double-quoted:
>>>
>>> select "ana_paz"."COGNOME", "ana_paz"."NOME" from "ana_paz" where 
>>> "ana_paz"."COGNOME"='ROSSI'  <--- doesn't not work ("table or view does 
>>> not exists")
>>>
>>> select ana_paz."COGNOME", ana_paz."NOME" from "ana_paz" where 
>>> ana_paz."COGNOME"='ROSSI'  < works
>>>
>>> Setting 
>>> entity_quoting = False
>>>
>>> in the database connection solved the problem.
>>>
>>>
>>>
>>> Il giorno venerdì 12 aprile 2019 17:00:14 UTC+2, gliporace ha scritto:

 Hi,
 I just updated my web2py installation from 2.11 to 2.18.5, but the apps 
 who make use of cx_Oracle for connecting to a Oracle database show this 
 error 
 when ther try to query a table/view:

 Exception ORA-00942: table or view does not exist

 The old web2py installation run without problems on a Ubuntu server 
 14.04 and cx_Oracle 5.3, the new installation is on Ubuntu server 16.04 
 with the same version of cx_Oracle.

 Is there any means to check what is the query before is sent to the 
 server?

>>> -- 
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to web...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: I would like to log of all SQL commands web2py sends to SQLite. Is it possible?

[Dave S]

On Monday, April 15, 2019 at 4:27:22 AM UTC-7, João Matos wrote:
>
> Thanks Anthony.
>
> I went with a simple solution that serves my purpose (it's a temporary 
> need).
>
> I added this code starting with # JM to the 
> gluon\packages\dal\pydal\adapters\base.py at line 413.
>

Good thing it's a temporary need, because this tweak will get lost when you 
upgrade.  Using the logging configuration, however, can be used without 
getting clobbered by updates.  And turning on logging is simple (it's the 
native Python logging, basically), and could be turned on or off by your 
appini file.

/dps

 

> @with_connection_or_raise
> def execute(self, *args, **kwargs):
> command = self.filter_sql_command(args[0])
> handlers = self._build_handlers_for_execution()
> for handler in handlers:
> handler.before_execute(command)
>
> # JM
> with open('c:\\web2py\\logs\\sql.log', 'a', encoding='utf-8') as 
> f_out:  # type: TextIO
> if str(command) == 'PRAGMA foreign_keys=ON;':
> f_out.write('***' + '\r\n')
> f_out.write(command + '\r\n')
> else:
> f_out.write(command + '\r\n')
>
> # if str(command) == 'PRAGMA foreign_keys=ON;':
> # print('***')
> # print(command)
> # else:
> # print(command)
>
>
>
> domingo, 17 de Março de 2019 às 18:18:00 UTC, Anthony escreveu:
>>
>> See http://web2py.com/books/default/chapter/29/04/the-core#Logging. For 
>> the logging.conf file format, see 
>> https://docs.python.org/2/library/logging.config.html#logging-config-fileformat.
>>  
>> You'll need to set up a handler for the "pyDAL" logger, which is what the 
>> DAL uses for logging.
>>
>> On Sunday, March 17, 2019 at 4:39:26 AM UTC-4, João Matos wrote:
>>>
>>> Thanks Anthony, I activated debug=True in DAL but I can't find any log 
>>> file.
>>> Do you have any idea where it is created?
>>>
>>>
>>> domingo, 17 de Março de 2019 às 00:26:54 UTC, Anthony escreveu:

 Also, if you set DAL(..., debug=True), I believe all SQL commands will 
 be logged to the "pyDAL" logger.

 Anthony

 On Saturday, March 16, 2019 at 5:57:47 PM UTC-4, Anthony wrote:
>
> Commands issued during migration operations are already saved to 
> /databases/sql.log. If you want all commands (i.e., queries), note that 
> on 
> each request, there is db._timings, which is a list of tuples, where the 
> first element of each tuple is the SQL command issued and the second 
> element is the amount of time it took to execute. At the end of every 
> request, you could dump the contents of db._timings to a log. You can do 
> that by assigning a callback function to response._caller(), which wraps 
> all calls to controller actions. Note, it will therefore miss any queries 
> that are run in views, but it's probably not a good idea to run queries 
> in 
> views anyway. You could also set up middleware to do the logging: 
> http://web2py.com/books/default/chapter/29/04/the-core?search=_caller#WSGI
> .
>
> Anthony
>
> On Saturday, March 16, 2019 at 4:54:52 PM UTC-4, João Matos wrote:
>>
>> Hello,
>>
>> I would like to log of all SQL commands web2py sends to SQLlite. Is 
>> it possible?
>>
>> Thanks,
>>
>> JM
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: howto prevent XSS in json data

[Dave S]

On Monday, April 15, 2019 at 11:45:06 PM UTC-7, Dave S wrote:
>
> On Monday, April 15, 2019 at 11:04:26 AM UTC-7, Alex wrote:
>>
>> thanks for your answer. Problem is when I use sanitize then the output is
>> var filterSettings = {section 
>> /scriptiframe;
>>
>> which is not valid js because the attribute quotes should not be escaped
>>
>> btw, I'm using web2py 2.12.3 - maybe that's fixed/improved in future 
>> versions? or am I doing something wrong?
>>
>> That's really old.  Really, really old. And I feel guilty about using 
> 2.14.6 at home.
>
> How about  applying the sanitize to request.vars.name.before making the 
> dict in your controller? 
>
> filter_settings = dict(name=XML(request.vars.name, sanitize=True))
>
>
> You could also look at the parameters permitted_tags and 
allowed_attributes .

/dps


> On Monday, April 15, 2019 at 7:50:30 PM UTC+2, Leonel Câmara wrote:
>>>
>>> Change it to:
>>>
>>> 
>>> var filterSettings = {{=XML(filter_settings, sanitize=True)}};
>>> 
>>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Re: Problem with oracle query

[Kevin Keller]

When a table is created in Oracle, it is always created in uppercase
letters, if not created by using quotes.

create table test= TEST
create table "test" = test

it is very likely that the table when created, was created without quotes
and hence the table name is saved in uppercase letters.
Now you query using quotes in lowercase letters and it doesnt find the
table.
when you removed the quotes, Oracle defaults to uppercase letters again and
found the table.



On Tue, Apr 16, 2019 at 7:53 AM Massimo Di Pierro <
massimo.dipie...@gmail.com> wrote:

> Damn Oracle! Can you find some documentation that says that quoting of
> table names is not supported and we will change? Want to make sure there
> not some other configuration quirk before removing a useful feature.
>
> On Monday, 15 April 2019 04:20:36 UTC-7, gliporace wrote:
>>
>> I think I found the problem:
>> the query is sent with the table name double-quoted:
>>
>> select "ana_paz"."COGNOME", "ana_paz"."NOME" from "ana_paz" where
>> "ana_paz"."COGNOME"='ROSSI'  <--- doesn't not work ("table or view does
>> not exists")
>>
>> select ana_paz."COGNOME", ana_paz."NOME" from "ana_paz" where
>> ana_paz."COGNOME"='ROSSI'  < works
>>
>> Setting
>> entity_quoting = False
>>
>> in the database connection solved the problem.
>>
>>
>>
>> Il giorno venerdì 12 aprile 2019 17:00:14 UTC+2, gliporace ha scritto:
>>>
>>> Hi,
>>> I just updated my web2py installation from 2.11 to 2.18.5, but the apps
>>> who make use of cx_Oracle for connecting to a Oracle database show this
>>> error
>>> when ther try to query a table/view:
>>>
>>> Exception ORA-00942: table or view does not exist
>>>
>>> The old web2py installation run without problems on a Ubuntu server
>>> 14.04 and cx_Oracle 5.3, the new installation is on Ubuntu server 16.04
>>> with the same version of cx_Oracle.
>>>
>>> Is there any means to check what is the query before is sent to the
>>> server?
>>>
>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Web3py

[Massimo Di Pierro]

The http://localhost:8000/dashboard needs some love. It is very crude. 
Click on the spinning thing to reload the app when editing it.

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: howto prevent XSS in json data

[Dave S]

On Monday, April 15, 2019 at 11:04:26 AM UTC-7, Alex wrote:
>
> thanks for your answer. Problem is when I use sanitize then the output is
> var filterSettings = {section 
> /scriptiframe;
>
> which is not valid js because the attribute quotes should not be escaped
>
> btw, I'm using web2py 2.12.3 - maybe that's fixed/improved in future 
> versions? or am I doing something wrong?
>
> That's really old.  Really, really old. And I feel guilty about using 
2.14.6 at home.

How about  applying the sanitize to request.vars.name.before making the 
dict in your controller? 

filter_settings = dict(name=XML(request.vars.name, sanitize=True))


/dps


On Monday, April 15, 2019 at 7:50:30 PM UTC+2, Leonel Câmara wrote:
>>
>> Change it to:
>>
>> 
>> var filterSettings = {{=XML(filter_settings, sanitize=True)}};
>> 
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: SQLTABLE and SQLFORM.grid with PRE()

[Dave S]

On Monday, April 15, 2019 at 10:51:17 PM UTC-7, Massimo Di Pierro wrote:
>
> db.table.field.represent = lambda value, row: PRE(value)
>
>
Obvious now!  Thank you much.

/dps
 

> On Monday, 15 April 2019 02:19:07 UTC-7, Dave S wrote:
>>
>> I'd like to apply PRE() to each entry in a particular column.  What's the 
>> way to do this with SQLTABLE() and SQLFORM.grid() ?
>>
>> /dps
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.