A WIKI 75 66 pattern = '%' + request.vars.keyword.lower() + '%' 67 pages = db(db.page.title.lower().like(pattern))\ 68 .select(orderby=db.page.title) 69 items = [A(row.title, _href=URL(r=request, f=show, args=row.id)) \ 70 for row in pages] 71 return UL( * items).xml() Lines 2-6 provide a comment for the index action. Lines 4-5 inside the comment are interpreted by python as test code (doctest). Tests can be run via the admin interface. In this case the tests verify that the index action runs without errors. Lines 19, 33, and 43 try fetch a page record with the id in request.args(0). Line 14, 24 and 47 define and process create forms, for a new page and a new comment and a new document respectively. Line 36 defines and process an update form for a wiki page. Some magic happens in line 59. The onkeyup attribute of the INPUT tag "keyword" is set. Every time the visitor presses a key or releases a key, the JavaScript code inside the onkeyup attribute is executed, client-side. Here is the JavaScript code: 1 ajax('bg_find', ['keyword'], 'target'); ajax is a JavaScript function defined in the file "web2py ajax.html" which is included by the default "layout.html". It takes three parameters: the URL of the action that performs the synchronous callback ("bg find"), a list of the IDs of variables to be sent to the callback (["keyword"]), and the ID where the response has to be inserted ("target"). As soon as you type something in the search box and release a key, the client calls the server and sends the content of the ’keyword’ field, and, when the sever responds, the response is embedded in the page itself as the innerHTML of the ’target’ tag. The ’target’ tag is a DIV defined in line 75. It could have been defined in the view as well. Here is the code for the view "default/create.html": 1 {{extend 'layout.html'}} 2 <h1>Create new wiki page</h1> 3 {{=form}} If you visit the create page, you see the following: 76 OVERVIEW Here is the code for the view "default/index.html": 1 {{extend 'layout.html'}} 2 <h1>Available wiki pages</h1> 3 [ {{=A('search', _href=URL(r=request, f='search'))}} ]<br /> 4 <ul>{{for page in pages:}} 5 {{=LI(A(page.title, _href=URL(r=request, f='show', args=page.id) ))}} 6 {{pass}}</ul> 7 [ {{=A('create page', _href=URL(r=request, f='create'))}} ] It generates the following page: Here is the code for the view "default/show.html": 1 {{extend 'layout.html'}} 2 <h1>{{=page.title}}</h1> A WIKI 77 3 [ {{=A('edit', _href=URL(r=request, f='edit', args=request.args))}} 4 | {{=A('documents', _href=URL(r=request, f='documents', args=request. args))}} ]<br /> 5 {{import gluon.contrib.markdown}} 6 {{=gluon.contrib.markdown.WIKI(page.body)}} 7 <h2>Comments</h2> 8 {{for comment in comments:}} 9 <p>{{=db.auth_user[comment.created_by].first_name}} on {{=comment. created_on}} 10 says <I>{{=comment.body}}</i></p> 11 {{pass}} 12 <h2>Post a comment</h2> 13 {{=form}} web2py includes gluon.contrib.markdown.WIKI, which knowshowto con- vert Markdown syntax to HTML. Alternatively, you could have chosen to accept raw HTML instead of Markdown syntax. In this case you would have to replace: 1 {{=gluon.contrib.markdown.WIKI(page.body)}} with: 1 {{=XML(page.body)}} (so that the XML does not get escaped, as by default web2py behavior). This can be done better with: 1 {{=XML(page.body, sanitize=True)}} By setting sanitize=True, you tell web2py to escape unsafe XML tags such as "<script>", and thus prevent XSS vulnerabilities. Now if, from the index page, you click on a page title, you can see the page that you have created: 78 OVERVIEW Here is the code for the view "default/edit.html": 1 {{extend 'layout.html'}} 2 <h1>Edit wiki page</h1> 3 [ {{=A('show', _href=URL(r=request, f='show', args=request.args))}} ]<br /> 4 {{=form}} It generates a page that looks almost identical to the create page. Here is the code for the view "default/documents.html": 1 {{extend 'layout.html'}} 2 <h1>Documents for page: {{=page.title}}</h1> 3 [ {{=A('show', _href=URL(r=request, f='show', args=request.args))}} ]<br /> 4 <h2>Documents</h2> 5 {{for document in documents:}} 6 {{=A(document.name, _href=URL(r=request, f='download', args= document.file))}} 7 <br /> 8 {{pass}} 9 <h2>Post a document</h2> 10 {{=form}} If, from the "show" page, you click on documents, you can now manage the documents attached to the page. A WIKI 79 Finally here is the code for the view "default/search.html": 1 {{extend 'layout.html'}} 2 <h1>Search wiki pages</h1> 3 [ {{=A('listall', _href=URL(r=request, f='index'))}}]<br /> 4 {{=form}}<br />{{=target_div}} which generates the following Ajax search form: You can also try to call the callbackaction directly byvisiting, for example, the following URL: 1 http://127.0.0.1:8000/mywiki/default/search/keyword=wiki If you look at the page source you see the HTML returned by the callback: 1 <ul><li><a href="/mywiki/default/show/4">I made a Wiki</a></li></ul> Generating an RSS feed from the stored pages using web2py is easy because web2py includes gluon.contrib.rss2. Just append the following action to the default controller: 80 OVERVIEW 1 def news(): 2 "generates rss feed form the wiki pages" 3 import gluon.contrib.markdown as md 4 pages = db().select(db.page.ALL, orderby=db.page.title) 5 return dict( 6 title = 'mywiki rss feed', 7 link = 'http://127.0.0.1:8000/mywiki/default/index', 8 description = 'mywiki news', 9 created_on = request.now, 10 items = [ 11 dict(title = row.title, 12 link = URL(r=request, f='show', args=row.id), 13 description = md.WIKI(row.body).xml(), 14 created_on = row.created_on 15 ) for row in pages] 16 ) and when you visit the page 1 http://127.0.0.1:8000/mywiki/default/news.rss you see the feed (the exact output depends on the feed reader). Notice that the dict is automatically converted to RSS, thanks to the .rss extension in the URL. web2py also includes feedparser to read third-party feeds. Finally, let’s add an XML-RPC handler that allows searching the wiki programmatically: 1 service=Service(globals()) 2 3 @service.xmlrpc() 4 def find_by(keyword): 5 "finds pages that contain keyword for XML-RPC" 6 return db(db.page.title.lower().like('%' + keyword + '%'))\ 7 .select().as_list() 8 9 def call(): MORE ON ADMIN 81 10 "exposes all registered services, including XML-RPC" 11 return service() Here, the handler action simply publishes (via XML-RPC), the functions specified in the list. In this case, find by. find by is not an action (because it takes an argument). It queries the database with .select() and then extracts the records as a list with .response and returns the list. Here is an example of how to access the XML-RPC handler from an external Python program. 1 >>> import xmlrpclib 2 >>> server = xmlrpclib.ServerProxy( 3 'http://127.0.0.1:8000/mywiki/default/call/xmlrpc') 4 >>> for item in server.find_by('wiki'): 5 print item.created_on, item.title The handler can be accessed from many other programming languages that understand XML-RPC, including C, C++, C# and Java. 3.10 More on admin The administrative interface provides additional functionality that we briefly review here. [site] This page lists all installed applications. There are two forms at the bottom. The first of them allows creating a new application by specifying its name. The second form allows uploading an existing application from either a local file or a remote URL. When you upload an application, you need to specify a name for it. This can be its original name, but does not need to be. This allows installing multiple copies of the same application. You can try, for example, to upload the KPAX content management system from: 1 http://web2py.com/appliances/default/download/app.source .221663266939.tar Uploaded applications can be .tar files (old convention) and .w2p files (new convention). The latter ones are gzipped tar files. They can be uncom- pressed manually with tar zxvf [filename] although this is never necessary. 82 OVERVIEW Upon successful upload, web2py displays the MD5 checksum of the uploaded file. You can use it to verify that the file was not corrupted during upload. MORE ON ADMIN 83 Click on the KPAX name on admin to get it up and running. Application files are stored as w2p files (tar gzipped), but you are not intended to tar or untar them manually; web2py does it for you. For each application the [site] page allows you to: • Uninstall the application. • Jump to the [about] page (read below). • Jump to the [EDIT] page (read below). • Jump to the [errors] page (read below). • Clean up temporary files (sessions, errors, and cache.disk files). • Pack all. This returns a tar file containing a complete copy of the ap- plication. We suggest that you clean up temporary files before packing an application. • Compile the application. If there are no errors, this option will bytecode-compile all models, controllers and views. Because views can extend and include other views in a tree, before bytecode compi- lation, the view tree for every controller is collapsed into a single file. The net effect is that a bytecode-compiled application is faster, because there is no more parsing of templates or string substitutions occurring at runtime. • Pack compiled. This option is only present for bytecode-compiled ap- plications. It allows packing the application without source code for 84 OVERVIEW distribution as closed source. Note that Python (as any other program- ming language) can technically be decompiled; therefore compilation does not provide complete protection of the source code. Nevertheless, decompilation can be difficult and can be illegal. • Remove compiled. It simply removes the byte-code compiled models, views and controllers from the application. If the application was packaged with source code or designed locally, there is no harm in removing the bytecode-compiled files,and the application willcontinue to work. If the application was installed form a packed compiled file, then this is not safe, because there is no source code to revert to, and the application will no longer work. All the functionality available from the web2py admin site page is also accessible programmatically via the API defined in the module gluon/admin.py. Simply open a python shell and import this module. [about] The [about] tab allowseditingthedescriptionoftheapplication anditslicense. These are written respectively in the ABOUT and LICENSE files in the application folder. You can use Markdown syntax for these files as described in ref. [28]. . installing multiple copies of the same application. You can try, for example, to upload the KPAX content management system from: 1 http:/ /web2 py. com/appliances/default/download/app.source .221663266939.tar Uploaded. [site] page allows you to: • Uninstall the application. • Jump to the [about] page (read below). • Jump to the [EDIT] page (read below). • Jump to the [errors] page (read below). • Clean up temporary. files). • Pack all. This returns a tar file containing a complete copy of the ap- plication. We suggest that you clean up temporary files before packing an application. • Compile the application.