add user-based filtering of data

pboard/pboard/controllers/api.py

@@ -16,7 +16,40 @@ from pboard.lib   import dbapi as pld
 from pboard.model import data as pmd
 from pboard import model as pm
 
-__all__ = ['PODApiController']
+__all__ = ['PODPublicApiController', 'PODApiController']
+
+class PODPublicApiController(BaseController):
+
+    @expose('pboard.templates.index')
+    def index(self):
+        """Let the user know that's visiting a protected controller."""
+        flash(_("Secure Controller here"))
+        return dict(page='index')
+    
+    @expose()
+    def create_account(self, email=u'', password=u'', retyped_password=u'', **kw):
+      if email==u'' or password==u'' or retyped_password==u'':
+        flash(_('Account creation error: please fill all the fields'), 'error')
+        # redirect(lurl('/'))
+      elif password!=retyped_password:
+        flash(_('Account creation error: passwords do not match'), 'error')
+        # redirect(lurl('/'))
+      else:
+        loExistingUser = pld.PODStaticController.getUserByEmailAddress(email)
+        if loExistingUser!=None:
+          flash(_('Account creation error: account already exist: %s') % (email), 'error')
+          # redirect(lurl('/'))
+        
+        loNewAccount = pld.PODStaticController.createUser()
+        loNewAccount.email_address = email
+        loNewAccount.display_name  = email
+        loNewAccount.password      = password
+        loUserGroup = pld.PODStaticController.getGroup('user')
+        loUserGroup.users.append(loNewAccount)
+        pm.DBSession.flush()
+        flash(_('Account successfully created: %s') % (email), 'info')
+        # redirect(lurl('/'))
+
 
 class PODApiController(BaseController):
     """Sample controller-wide authorization"""
@@ -33,8 +66,10 @@ class PODApiController(BaseController):
     
     @expose()
     def create_event(self, parent_id=None, data_label=u'', data_datetime=None, data_content=u'', data_reminder_datetime=None, add_reminder=False, **kw):
-
-      loNewNode = pld.createNode()
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNewNode = loApiController.createNode()
       loNewNode.parent_id     = int(parent_id)
       loNewNode.node_type     = pmd.PBNodeType.Event
       loNewNode.data_label    = data_label
@@ -48,8 +83,10 @@ class PODApiController(BaseController):
 
     @expose()
     def create_contact(self, parent_id=None, data_label=u'', data_content=u'', **kw):
-
-      loNewNode = pld.createNode()
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNewNode = loApiController.createNode()
       loNewNode.parent_id     = int(parent_id)
       loNewNode.node_type     = pmd.PBNodeType.Contact
       loNewNode.data_label    = data_label
@@ -60,8 +97,10 @@ class PODApiController(BaseController):
 
     @expose()
     def create_comment(self, parent_id=None, data_label=u'', data_content=u'', **kw):
-
-      loNewNode = pld.createNode()
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNewNode = loApiController.createNode()
       loNewNode.parent_id     = int(parent_id)
       loNewNode.node_type     = pmd.PBNodeType.Comment
       loNewNode.data_label    = data_label
@@ -72,8 +111,10 @@ class PODApiController(BaseController):
 
     @expose()
     def create_file(self, parent_id=None, data_label=u'', data_content=u'', data_file=None, **kw):
-
-      loNewNode = pld.createNode()
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNewNode = loApiController.createNode()
       loNewNode.parent_id     = int(parent_id)
       loNewNode.node_type     = pmd.PBNodeType.File
       loNewNode.data_label    = data_label
@@ -91,7 +132,10 @@ class PODApiController(BaseController):
       if node_id==None:
         return
       else:
-        loFile = pld.getNode(node_id)
+        loCurrentUser   = pld.PODStaticController.getCurrentUser()
+        loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+        
+        loFile = loApiController.getNode(node_id)
         tg.response.headers['Content-type'] = str(loFile.data_file_mime_type)
         return loFile.data_file_content
 
@@ -100,7 +144,10 @@ class PODApiController(BaseController):
       if node_id==None:
         return
       else:
-        loFile = pld.getNode(node_id)
+        loCurrentUser   = pld.PODStaticController.getCurrentUser()
+        loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+        
+        loFile = loApiController.getNode(node_id)
         
         loJpegBytes = csio.StringIO(loFile.data_file_content)
         loImage     = pil.open(loJpegBytes)
@@ -113,7 +160,11 @@ class PODApiController(BaseController):
 
     @expose()
     def set_parent_node(self, node_id, new_parent_id, **kw):
-      loNewNode = pld.getNode(node_id)
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      # TODO - D.A. - 2013-11-07 - Check that new parent is accessible by the user !!!
+      loNewNode = loApiController.getNode(node_id)
       if new_parent_id!='':
         loNewNode.parent_id = int(new_parent_id)
       pm.DBSession.flush()
@@ -121,19 +172,28 @@ class PODApiController(BaseController):
 
     @expose()
     def move_node_upper(self, node_id=0):
-      loNode = pld.getNode(node_id)
-      pld.moveNodeUpper(loNode)
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNode = loApiController.getNode(node_id)
+      loApiController.moveNodeUpper(loNode)
       redirect(lurl('/document/%s'%(node_id)))
 
     @expose()
     def move_node_lower(self, node_id=0):
-      loNode = pld.getNode(node_id)
-      pld.moveNodeLower(loNode)
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNode = loApiController.getNode(node_id)
+      loApiController.moveNodeLower(loNode)
       redirect(lurl('/document/%s'%(node_id)))
 
     @expose()
     def create_document(self, parent_id=None):
-      loNewNode = pld.createNode()
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNewNode = loApiController.createDummyNode()
       loNewNode.data_label   = 'New document'
       loNewNode.data_content = 'insert content...'
       if int(parent_id)==0:
@@ -146,25 +206,36 @@ class PODApiController(BaseController):
 
     @expose()
     def edit_label(self, node_id, data_label):
-      loNewNode = pld.getNode(node_id)
-      loNewNode.data_label   = data_label
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNode = loApiController.getNode(node_id)
+      loNode.data_label = data_label
       redirect(lurl('/document/%s'%(node_id)))
 
     @expose()
     def edit_status(self, node_id, node_status):
-      loNewNode = pld.getNode(node_id)
-      loNewNode.node_status = node_status
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNode = loApiController.getNode(node_id)
+      loNode.node_status = node_status
       redirect(lurl('/document/%s'%(node_id)))
 
     @expose()
     def edit_content(self, node_id, data_content, **kw):
-      loNewNode = pld.getNode(node_id)
-      loNewNode.data_content = data_content
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      
+      loNode = loApiController.getNode(node_id)
+      loNode.data_content = data_content
       redirect(lurl('/document/%s'%(node_id)))
 
     @expose()
     def force_delete_node(self, node_id=None):
-      loNode     = pld.getNode(node_id)
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+      loNode = loApiController.getNode(node_id)
       liParentId = loNode.parent_id
       if loNode.getChildNb()<=0:
         pm.DBSession.delete(loNode)
@@ -172,7 +243,7 @@ class PODApiController(BaseController):
 
     @expose()
     def reindex_nodes(self, back_to_node_id=0):
-      """show the user dashboard"""
+      # FIXME - NOT SAFE
       loRootNodeList   = pm.DBSession.query(pmd.PBNode).order_by(pmd.PBNode.parent_id).all()
       for loNode in loRootNodeList:
         if loNode.parent_id==None:

pboard/pboard/controllers/root.py

@@ -18,6 +18,8 @@ from pboard.lib import dbapi as pld
 from pboard.controllers import api as pbca
 from pboard.controllers import debug as pbcd
 
+from pboard import model as pm
+
 import pboard.model.data as pbmd
 
 __all__ = ['RootController']
@@ -43,6 +45,8 @@ class RootController(BaseController):
     debug = pbcd.DebugController()
     error = ErrorController()
 
+    public_api = pbca.PODPublicApiController()
+
     def _before(self, *args, **kw):
         tmpl_context.project_name = "pboard"
 
@@ -90,12 +94,29 @@ class RootController(BaseController):
     @require(predicates.in_group('user', msg=l_('Please login to access this page')))
     def document(self, node=0, came_from=lurl('/')):
         """show the user dashboard"""
-        import pboard.model.data as pbmd
-        
+        loCurrentUser   = pld.PODStaticController.getCurrentUser()
+        loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+
         # loRootNodeList   = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.parent_id==None).order_by(pbmd.PBNode.node_order).all()
-        loRootNodeList = pld.buildTreeListForMenu()
-        liNodeId         = max(int(node), 1) # show node #1 if no selected node
-        loCurrentNode    = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_id==liNodeId).one()
-        loNodeStatusList = pbmd.PBNodeStatus.getList()
+        loRootNodeList = loApiController.buildTreeListForMenu()
+        liNodeId         = int(node)
+        
+        loCurrentNode    = None
+        loNodeStatusList = None
+        try:
+          loCurrentNode    = loApiController.getNode(liNodeId)
+          loNodeStatusList = pbmd.PBNodeStatus.getList()
+        except Exception, e:
+          flash(_('Document not found'), 'error')
+        
+        # FIXME - D.A - 2013-11-07 - Currently, the code build a new item if no item found for current user
+        # the correct behavior should be to redirect to setup page
+        if loCurrentNode is None:
+          loCurrentNode = loApiController.getNode(0) # try to get an item
+          if loCurrentNode is None:
+            flash(_('Your first document has been automatically created'), 'info')
+            loCurrentNode = loApiController.createDummyNode()
+            pm.DBSession.flush()
+
         return dict(root_node_list=loRootNodeList, current_node=loCurrentNode, node_status_list = loNodeStatusList)
 

pboard/pboard/lib/dbapi.py

@@ -4,7 +4,6 @@
 import os
 from datetime import datetime
 from hashlib import sha256
-__all__ = ['User', 'Group', 'Permission']
 
 from sqlalchemy import Table, ForeignKey, Column
 from sqlalchemy.types import Unicode, Integer, DateTime, Text
@@ -13,98 +12,156 @@ from sqlalchemy.orm import joinedload_all
 
 from pboard.model import DeclarativeBase, metadata, DBSession
 from pboard.model import data as pbmd
+from pboard.model import auth as pbma
 import pboard.model as pbm
 
-def createNode():
-  loNode = pbmd.PBNode()
-  DBSession.add(loNode)
-  return loNode
+import tg
+class PODStaticController(object):
 
-def getNode(liNodeId):
-  return DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.node_id==liNodeId).one()
+  @classmethod
+  def getCurrentUser(cls):
+    loCurrentUser = pbma.User.by_email_address(tg.request.identity['repoze.who.userid'])
+    return loCurrentUser
 
-def getParentNode(loNode):
-  return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_id==loNode.parent_id).one()
-
-def getSiblingNodes(poNode, pbReverseOrder=False):
-  if pbReverseOrder:
-    return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order.desc()).all()
-  else:
-    return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order).all()
-
-def resetNodeOrderOfSiblingNodes(loSiblingNodes):
-  liNewWeight = 0
-  for loNode in loSiblingNodes:
-    liNewWeight = liNewWeight + 1
-    loNode.node_order = liNewWeight
-  # DBSession.save()
-
-def getNodeFileContent(liNodeId):
-  return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_id==liNodeId).one().data_file_content
+  @classmethod
+  def getUserByEmailAddress(cls, psEmailAddress):
+    loUser = pbma.User.by_email_address(psEmailAddress)
+    return loUser
+  
+  @classmethod
+  def createUser(cls):
+    loUser = pbma.User()
+    return loUser
+  
+  @classmethod
+  def getGroup(cls, psGroupName):
+    loGroup = pbma.Group.by_group_name(psGroupName)
+    return loGroup
 
 
-def moveNodeUpper(loNode):
-  # FIXME - manage errors and logging
+class PODUserFilteredApiController(object):
   
-  loSiblingNodes = getSiblingNodes(loNode)
-  resetNodeOrderOfSiblingNodes(loSiblingNodes)
-
-  loPreviousItem = None
-  for loItem in loSiblingNodes:
-    if loItem==loNode:
-      if loPreviousItem==None:
-        # FIXME
-        print "No previous node"
-      else:
-        liPreviousItemOrder       = loPreviousItem.node_order
-        loPreviousItem.node_order = loNode.node_order
-        loNode.node_order         = liPreviousItemOrder
-        # DBSession.save()
-        break
-    loPreviousItem = loItem
-
-def moveNodeLower(loNode):
-  # FIXME - manage errors and logging
+  def __init__(self, piUserId, piExtraUserIdList=[]):
+    self._iCurrentUserId       = piUserId
+    self._iExtraUserIdList     = piExtraUserIdList
+    self._iUserIdFilteringList = None
   
-  loSiblingNodes = getSiblingNodes(loNode)
-  resetNodeOrderOfSiblingNodes(loSiblingNodes)
-
-  loPreviousItem = None
-  for loItem in reversed(loSiblingNodes):
-    if loItem==loNode:
-      if loPreviousItem==None:
-        # FIXME
-        print "No previous node"
-      else:
-        liPreviousItemOrder       = loPreviousItem.node_order
-        loPreviousItem.node_order = loNode.node_order
-        loNode.node_order         = liPreviousItemOrder
-        # DBSession.save()
-        break
-    loPreviousItem = loItem
-
-def deleteNode(loNode):
-  DBSession.delete(loNode)
-  return
-
-def buildTreeListForMenu():
-  loNodeList = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_type==pbmd.PBNodeType.Data).order_by(pbmd.PBNode.parent_tree_path).order_by(pbmd.PBNode.node_order).order_by(pbmd.PBNode.node_id).all()
-  loTreeList = []
-  loTmpDict = {}
-  for loNode in loNodeList:
-    loTmpDict[loNode.node_id] = loNode
-
-    if loNode.parent_id==None:
-      loTreeList.append(loNode)
+  def _getUserIdListForFiltering(self):
+    if self._iUserIdFilteringList==None:
+      self._iUserIdFilteringList = list()
+      self._iUserIdFilteringList.append(self._iCurrentUserId)
+      for liUserId in self._iExtraUserIdList:
+        self._iUserIdFilteringList.append(liUserId)
+    return self._iUserIdFilteringList
+
+  def createNode(self):
+    loNode          = pbmd.PBNode()
+    loNode.owner_id = self._iCurrentUserId
+    DBSession.add(loNode)
+    return loNode
+  
+    query.filter(User.name.in_(['ed', 'wendy', 'jack']))
+
+  def createDummyNode(self):
+    loNewNode = self.createNode()
+    loNewNode.data_label   = 'New document'
+    loNewNode.data_content = 'insert content...'
+    return loNewNode
+
+  def getNode(self, liNodeId):
+    liOwnerIdList = self._getUserIdListForFiltering()
+    if liNodeId==0:
+      return DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).first()
     else:
-      # append the node to the parent list
-      # FIXME - D.A - 2013-10-08
-      # The following line may raise an exception
-      # We suppose that the parent node has already been added
-      # this *should* be the case, but the code does not check it
-      if loTmpDict.has_key(loNode.parent_id)==False:
-        loTmpDict[loNode.parent_id] = getNode(loNode.parent_id)
-      loTmpDict[loNode.parent_id].appendStaticChild(loNode)
+      return DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.node_id==liNodeId).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).one()
+
+  def buildTreeListForMenu(self):
+    liOwnerIdList = self._getUserIdListForFiltering()
+    
+    loNodeList = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_type==pbmd.PBNodeType.Data).order_by(pbmd.PBNode.parent_tree_path).order_by(pbmd.PBNode.node_order).order_by(pbmd.PBNode.node_id).all()
+    loTreeList = []
+    loTmpDict = {}
+    for loNode in loNodeList:
+      loTmpDict[loNode.node_id] = loNode
+  
+      if loNode.parent_id==None:
+        loTreeList.append(loNode)
+      else:
+        # append the node to the parent list
+        # FIXME - D.A - 2013-10-08
+        # The following line may raise an exception
+        # We suppose that the parent node has already been added
+        # this *should* be the case, but the code does not check it
+        if loTmpDict.has_key(loNode.parent_id)==False:
+          loTmpDict[loNode.parent_id] = getNode(loNode.parent_id)
+        loTmpDict[loNode.parent_id].appendStaticChild(loNode)
+  
+    return loTreeList
 
-  return loTreeList
+  def getParentNode(self, loNode):
+    liOwnerIdList = self._getUserIdListForFiltering()
+    return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_id==loNode.parent_id).one()
 
+  def getSiblingNodes(self, poNode, pbReverseOrder=False):
+    liOwnerIdList = self._getUserIdListForFiltering()
+    
+    if pbReverseOrder:
+      return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order.desc()).all()
+    else:
+      return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order).all()
+
+  def resetNodeOrderOfSiblingNodes(self, loSiblingNodes):
+    liNewWeight = 0
+    for loNode in loSiblingNodes:
+      liNewWeight = liNewWeight + 1
+      loNode.node_order = liNewWeight
+    # DBSession.save()
+
+  def moveNodeUpper(self, loNode):
+    # FIXME - manage errors and logging
+    
+    loSiblingNodes = self.getSiblingNodes(loNode)
+    self.resetNodeOrderOfSiblingNodes(loSiblingNodes)
+  
+    loPreviousItem = None
+    for loItem in loSiblingNodes:
+      if loItem==loNode:
+        if loPreviousItem==None:
+          # FIXME
+          print "No previous node"
+        else:
+          liPreviousItemOrder       = loPreviousItem.node_order
+          loPreviousItem.node_order = loNode.node_order
+          loNode.node_order         = liPreviousItemOrder
+          # DBSession.save()
+          break
+      loPreviousItem = loItem
+
+  def moveNodeLower(self, loNode):
+    # FIXME - manage errors and logging
+    
+    loSiblingNodes = self.getSiblingNodes(loNode)
+    self.resetNodeOrderOfSiblingNodes(loSiblingNodes)
+  
+    loPreviousItem = None
+    for loItem in reversed(loSiblingNodes):
+      if loItem==loNode:
+        if loPreviousItem==None:
+          # FIXME
+          print "No previous node"
+        else:
+          liPreviousItemOrder       = loPreviousItem.node_order
+          loPreviousItem.node_order = loNode.node_order
+          loNode.node_order         = liPreviousItemOrder
+          # DBSession.save()
+          break
+      loPreviousItem = loItem
+
+  def getNodeFileContent(self, liNodeId):
+    liOwnerIdList = self._getUserIdListForFiltering()
+    return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_id==liNodeId).one().data_file_content
+
+  def deleteNode(loNode):
+    # INFO - D.A. - 2013-11-07 - should be save as getNode should return only accessible nodes
+    DBSession.delete(loNode)
+    return

pboard/pboard/model/auth.py

@@ -60,6 +60,11 @@ class Group(DeclarativeBase):
     def __unicode__(self):
         return self.group_name
 
+    @classmethod
+    def by_group_name(cls, group_name):
+        """Return the user object whose email address is ``email``."""
+        return DBSession.query(cls).filter_by(group_name=group_name).first()
+
 class User(DeclarativeBase):
     """
     User definition.

pboard/pboard/model/data.py

@@ -170,6 +170,7 @@ class PBNode(DeclarativeBase):
   parent_id        = Column(Integer, ForeignKey('pb_nodes.node_id'), nullable=True, default=None)
   node_depth       = Column(Integer, unique=False, nullable=False, default=0)
   parent_tree_path = Column(Unicode(255), unique=False, nullable=False, default=u'')
+  owner_id         = Column(Integer, ForeignKey('tg_user.user_id'), nullable=True, default=None)
 
   node_order  = Column(Integer, nullable=True, default=1)
   node_type   = Column(Unicode(16), unique=False, nullable=False, default=u'data')

pboard/pboard/templates/document.mak

@@ -90,9 +90,6 @@ POD :: ${current_node.getTruncatedLabel(40)} [${current_node.getStatus().label}]
       </div>
     </div>
     <div id='application-main-panel' class="span9">
-        
-        
-        
       <div class="btn-group">
         <button class="btn">Status</button>
         <a class="btn ${current_node.getStatus().css}" href="#"><i class="${current_node.getStatus().icon}"></i> ${current_node.getStatus().getLabel()}</a>
@@ -117,266 +114,269 @@ POD :: ${current_node.getTruncatedLabel(40)} [${current_node.getStatus().label}]
 
         <a href='${tg.url('/api/force_delete_node?node_id=%i'%(current_node.node_id))}' id='current-document-force-delete-button' class="btn" onclick="return confirm('${_('Delete current document?')}');"><i class="icon-g-remove"></i> ${_('Delete')}</a>
       </div>
-      
+          
       <h3 id="current-document-title">#${current_node.node_id} - ${current_node.data_label}</h3>
-        <form style='display: none; margin-top: 1em;' id="current-document-title-edit-form" method='post' action='${tg.url('/api/edit_label')}'>
-          <div class="input-prepend input-append">
-            <input type='hidden' name='node_id' value='${current_node.node_id}'/>
-            ${POD.CancelButton('current-document-title-edit-cancel-button')}
-            <input type='text' name='data_label' value='${current_node.data_label}' class="span2" />
-            ${POD.SaveButton('current-document-title-save-cancel-button')}
+      <form style='display: none; margin-top: 1em;' id="current-document-title-edit-form" method='post' action='${tg.url('/api/edit_label')}'>
+        <div class="input-prepend input-append">
+          <input type='hidden' name='node_id' value='${current_node.node_id}'/>
+          ${POD.CancelButton('current-document-title-edit-cancel-button')}
+          <input type='text' name='data_label' value='${current_node.data_label}' class="span2" />
+          ${POD.SaveButton('current-document-title-save-cancel-button')}
+        </div>
+      </form>
+
+      <div id='application-document-panel' class="span5">
+        <p>
+          <div id='current-document-content' class="">
+            ${current_node.getContentWithTags()|n}
           </div>
-        </form>
+          <form style='display: none;' id="current-document-content-edit-form" method='post' action='${tg.url('/api/edit_content')}'>
+            <input type='hidden' name='node_id' value='${current_node.node_id}'/>
+            <textarea id="current_node_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="Enter something ...">
+              ${current_node.data_content|n}
+            </textarea>
+            ${POD.CancelButton('current-document-content-edit-cancel-button', True)}
+            ${POD.SaveButton('current-document-content-edit-save-button', True)}
+          </form>
+        </p>
       </div>
-      <div id='application-document-panel' class="span5">
-      <p>
-        <div id='current-document-content' class="">
-          ${current_node.getContentWithTags()|n}
-        </div>
-        <form style='display: none;' id="current-document-content-edit-form" method='post' action='${tg.url('/api/edit_content')}'>
-          <input type='hidden' name='node_id' value='${current_node.node_id}'/>
-          <textarea id="current_node_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="Enter something ...">
-            ${current_node.data_content|n}
-          </textarea>
-          ${POD.CancelButton('current-document-content-edit-cancel-button', True)}
-          ${POD.SaveButton('current-document-content-edit-save-button', True)}
-        </form>
-      </p>
-    </div>
-    <div id='application-metadata-panel' class="span4">
-      <div class="tabbable">
-        <ul class="nav nav-tabs">
-            ## DEBUG - D.A. - 2013-11-07 -  <li class="active"><a href="#tags" data-toggle="tab" title="${_('Tags')}"><i class='icon-g-tags'></i></a></li>
-            <li class="active"><a href="#events" data-toggle="tab" title="History"><i class="icon-g-history"></i>${POD.ItemNb(current_node.getEvents())}</a></li>
-            <li><a href="#contacts" data-toggle="tab" title="Contacts"><i class="icon-g-user""></i>${POD.ItemNb(current_node.getContacts())}</a></li>
-            <li><a href="#comments" data-toggle="tab" title="Comments"><i class="icon-g-conversation"></i>${POD.ItemNb(current_node.getComments())}</a></li>
-            <li><a href="#files" data-toggle="tab" title="Files"><i class="icon-g-attach"></i>${POD.ItemNb(current_node.getFiles())}</a></li>
-        </ul>
-        <div class="tab-content">
-            ################################
-            ##
-            ## PANEL SHOWING LIST OF TAGS
-            ##
-            ################################
-            <!-- DEBUG - D.A. - 2013-11-07 - Not using tags for th moment
-            <div class="tab-pane" id="tags">
-              <div class="well">
-                <p>
-                  <i>
-                    ${_('Tags are automatically extracted from document content:')}
-                    <ul>
-                      <li>${_('<code>@visible_keyword</code> is a visible keyword generating a tag.')|n}</li>
-                      <li>
-                        ${_('<code>@invisible_keyword</code> is an <u>invisible</u> keyword generating a tag.')|n}</li>
-                    </ul>
-                  </i>
-                </p>
-                % for tag in current_node.getTagList():
-                  ${POD.Badge(tag)}
-                % endfor
+      ## FIXME - D.A - 2013-11-07 - The following div should be span4 instead of span3 but some bug make it impossible
+      <div id='application-metadata-panel' class="span3">
+        <div class="tabbable">
+          <ul class="nav nav-tabs">
+              ## DEBUG - D.A. - 2013-11-07 -  <li class="active"><a href="#tags" data-toggle="tab" title="${_('Tags')}"><i class='icon-g-tags'></i></a></li>
+              <li class="active"><a href="#events" data-toggle="tab" title="History"><i class="icon-g-history"></i>${POD.ItemNb(current_node.getEvents())}</a></li>
+              <li><a href="#contacts" data-toggle="tab" title="Contacts"><i class="icon-g-user""></i>${POD.ItemNb(current_node.getContacts())}</a></li>
+              <li><a href="#comments" data-toggle="tab" title="Comments"><i class="icon-g-conversation"></i>${POD.ItemNb(current_node.getComments())}</a></li>
+              <li><a href="#files" data-toggle="tab" title="Files"><i class="icon-g-attach"></i>${POD.ItemNb(current_node.getFiles())}</a></li>
+          </ul>
+          <div class="tab-content">
+              ################################
+              ##
+              ## PANEL SHOWING LIST OF TAGS
+              ##
+              ################################
+              <!-- DEBUG - D.A. - 2013-11-07 - Not using tags for th moment
+              <div class="tab-pane" id="tags">
+                <div class="well">
+                  <p>
+                    <i>
+                      ${_('Tags are automatically extracted from document content:')}
+                      <ul>
+                        <li>${_('<code>@visible_keyword</code> is a visible keyword generating a tag.')|n}</li>
+                        <li>
+                          ${_('<code>@invisible_keyword</code> is an <u>invisible</u> keyword generating a tag.')|n}</li>
+                      </ul>
+                    </i>
+                  </p>
+                  % for tag in current_node.getTagList():
+                    ${POD.Badge(tag)}
+                  % endfor
+                </div>
               </div>
-            </div>
-            -->
-            ################################
-            ##
-            ## PANEL SHOWING LIST OF EVENTS
-            ##
-            ################################
-            <div class="tab-pane active" id="events">
-              ${POD.AddButton('current-document-add-event-button', True, _(' Add event'))}
-              <form style='display: none;' id='current-document-add-event-form' action='${tg.url('/api/create_event')}' method='post' class="well">
-                <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
-                <fieldset>
-                  <legend>Add an event</legend>
-                  <label>
-                    <input type="text" name='data_label' placeholder="Event"/>
-                  </label>
-                  <label>
-                    <div class="datetime-picker-input-div input-append date">
-                      <input name='data_datetime' data-format="dd/MM/yyyy hh:mm" type="text" placeholder="date and time"/>
-                      <span class="add-on"><i data-time-icon="icon-g-clock" data-date-icon="icon-g-calendar"></i></span>
-                    </div>
-                  </label>
-                  <label>
-                    <div>
-                      <textarea id="add_event_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('detail...')}"></textarea>
-                    </div>
-                  </label>
-                  <label class="checkbox">
-                    <input disabled name='add_reminder' type="checkbox"> add a reminder
-                  </label>
-                  <label>
-                    <div class="datetime-picker-input-div input-append date">
-                      <input disabled name='data_reminder_datetime' data-format="dd/MM/yyyy hh:mm" type="text" placeholder="date and time"/>
-                      <span class="add-on"><i data-time-icon="icon-g-clock" data-date-icon="icon-g-calendar"></i></span>
-                    </div>
-                  </label>
+              -->
+              ################################
+              ##
+              ## PANEL SHOWING LIST OF EVENTS
+              ##
+              ################################
+              <div class="tab-pane active" id="events">
+                ${POD.AddButton('current-document-add-event-button', True, _(' Add event'))}
+                <form style='display: none;' id='current-document-add-event-form' action='${tg.url('/api/create_event')}' method='post' class="well">
+                  <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
+                  <fieldset>
+                    <legend>Add an event</legend>
+                    <label>
+                      <input type="text" name='data_label' placeholder="Event"/>
+                    </label>
+                    <label>
+                      <div class="datetime-picker-input-div input-append date">
+                        <input name='data_datetime' data-format="dd/MM/yyyy hh:mm" type="text" placeholder="date and time"/>
+                        <span class="add-on"><i data-time-icon="icon-g-clock" data-date-icon="icon-g-calendar"></i></span>
+                      </div>
+                    </label>
+                    <label>
+                      <div>
+                        <textarea id="add_event_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('detail...')}"></textarea>
+                      </div>
+                    </label>
+                    <label class="checkbox">
+                      <input disabled name='add_reminder' type="checkbox"> add a reminder
+                    </label>
+                    <label>
+                      <div class="datetime-picker-input-div input-append date">
+                        <input disabled name='data_reminder_datetime' data-format="dd/MM/yyyy hh:mm" type="text" placeholder="date and time"/>
+                        <span class="add-on"><i data-time-icon="icon-g-clock" data-date-icon="icon-g-calendar"></i></span>
+                      </div>
+                    </label>
 
 
-                  ${POD.CancelButton('current-document-add-event-cancel-button', True)}
-                  ${POD.SaveButton('current-document-add-event-save-button', True)}
-                </fieldset>
-              </form>
+                    ${POD.CancelButton('current-document-add-event-cancel-button', True)}
+                    ${POD.SaveButton('current-document-add-event-save-button', True)}
+                  </fieldset>
+                </form>
 
-            % if len(current_node.getEvents())<=0:
-              <p><i>${_('No history for the moment.')}</i></p>
-            % else:
-              <table class="table table-striped table-hover table-condensed">
-                <thead>
-                  <tr>
-                    <th>Date</th>
-                    <th>Time</th>
-                    <th>
-                      Event
-                    </th>
-                    <th>
-                      <a href="" title="Add an event"><i class="icon-g-plus"></i></a>
-                    </th>
-                  </tr>
-                </thead>
-                % for event in current_node.getEvents():
-                  <tr class="item-with-data-popoverable" data-content="${event.data_content}" rel="popover" data-placement="left" data-trigger="hover">
-                    <td>${event.getFormattedDate(event.data_datetime)}</td>
-                    <td>${event.getFormattedTime(event.data_datetime)}</td>
-                    <td>${event.data_label}</td>
-                  </tr>
-                % endfor
-              </table>
-            % endif
-            </div>
-            ##############################
-            ## 
-            ## PANEL SHOWING LIST OF CONTACTS
-            ##
-            ##############################
-            <div class="tab-pane" id="contacts">
-            
-              <!-- ADD CONTACT FORM -->
-              ${POD.AddButton('current-document-add-contact-button', True, _(' Add contact'))}
-              <form style='display: none;' id='current-document-add-contact-form' action='${tg.url('/api/create_contact')}' method='post' class="well">
-                <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
-                <fieldset>
-                  <legend>${_('Add a contact')}</legend>
-                  <label>
-                    <input type="text" name='data_label' placeholder="Title"/>
-                  </label>
-                  <label>
+              % if len(current_node.getEvents())<=0:
+                <p><i>${_('No history for the moment.')}</i></p>
+              % else:
+                <table class="table table-striped table-hover table-condensed">
+                  <thead>
+                    <tr>
+                      <th>Date</th>
+                      <th>Time</th>
+                      <th>
+                        Event
+                      </th>
+                      <th>
+                        <a href="" title="Add an event"><i class="icon-g-plus"></i></a>
+                      </th>
+                    </tr>
+                  </thead>
+                  % for event in current_node.getEvents():
+                    <tr class="item-with-data-popoverable" data-content="${event.data_content}" rel="popover" data-placement="left" data-trigger="hover">
+                      <td>${event.getFormattedDate(event.data_datetime)}</td>
+                      <td>${event.getFormattedTime(event.data_datetime)}</td>
+                      <td>${event.data_label}</td>
+                    </tr>
+                  % endfor
+                </table>
+              % endif
+              </div>
+              ##############################
+              ## 
+              ## PANEL SHOWING LIST OF CONTACTS
+              ##
+              ##############################
+              <div class="tab-pane" id="contacts">
+              
+                <!-- ADD CONTACT FORM -->
+                ${POD.AddButton('current-document-add-contact-button', True, _(' Add contact'))}
+                <form style='display: none;' id='current-document-add-contact-form' action='${tg.url('/api/create_contact')}' method='post' class="well">
+                  <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
+                  <fieldset>
+                    <legend>${_('Add a contact')}</legend>
+                    <label>
+                      <input type="text" name='data_label' placeholder="Title"/>
+                    </label>
+                    <label>
+                      <div>
+                        <textarea id="add_contact_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('detail...')}"></textarea>
+                      </div>
+                    </label>
+                    ${POD.CancelButton('current-document-add-contact-cancel-button', True)}
+                    ${POD.SaveButton('current-document-add-contact-save-button', True)}
+                  </fieldset>
+                </form>
+
+                <!-- LIST OF CONTACT NODES -->
+                % for contact in current_node.getContacts():
+                  <div class="well">
+                    <legend class="text-info">${contact.data_label}</legend>
                     <div>
-                      <textarea id="add_contact_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('detail...')}"></textarea>
+                      <a style='float: right;' href="" title='${_('Search on google maps')}'><i class='icon-g-google-maps'></i></a>
+                      ${contact.data_content|n}
                     </div>
-                  </label>
-                  ${POD.CancelButton('current-document-add-contact-cancel-button', True)}
-                  ${POD.SaveButton('current-document-add-contact-save-button', True)}
-                </fieldset>
-              </form>
-
-              <!-- LIST OF CONTACT NODES -->
-              % for contact in current_node.getContacts():
-                <div class="well">
-                  <legend class="text-info">${contact.data_label}</legend>
-                  <div>
-                    <a style='float: right;' href="" title='${_('Search on google maps')}'><i class='icon-g-google-maps'></i></a>
-                    ${contact.data_content|n}
                   </div>
-                </div>
-              % endfor
+                % endfor
 
 
-            </div>
-            ################################
-            ##
-            ## PANEL SHOWING LIST OF COMMENTS
-            ##
-            ################################
-            <div class="tab-pane" id="comments">
-              <!-- ADD COMMENT FORM -->
-              ${POD.AddButton('current-document-add-comment-button', True, _(' Add comment'))}
-              <form style='display: none;' id='current-document-add-comment-form' action='${tg.url('/api/create_comment')}' method='post' class="well">
-                <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
-                <fieldset>
-                  <legend>${_('Add a comment')}</legend>
-                  <label>
-                    <input type="text" name='data_label' placeholder="Title"/>
-                  </label>
-                  <label>
-                    <div>
-                      <textarea id="add_comment_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('comment...')}"></textarea>
-                    </div>
-                  </label>
-                  ${POD.CancelButton('current-document-add-comment-cancel-button', True)}
-                  ${POD.SaveButton('current-document-add-comment-save-button', True)}
-                </fieldset>
-              </form>
+              </div>
+              ################################
+              ##
+              ## PANEL SHOWING LIST OF COMMENTS
+              ##
+              ################################
+              <div class="tab-pane" id="comments">
+                <!-- ADD COMMENT FORM -->
+                ${POD.AddButton('current-document-add-comment-button', True, _(' Add comment'))}
+                <form style='display: none;' id='current-document-add-comment-form' action='${tg.url('/api/create_comment')}' method='post' class="well">
+                  <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
+                  <fieldset>
+                    <legend>${_('Add a comment')}</legend>
+                    <label>
+                      <input type="text" name='data_label' placeholder="Title"/>
+                    </label>
+                    <label>
+                      <div>
+                        <textarea id="add_comment_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('comment...')}"></textarea>
+                      </div>
+                    </label>
+                    ${POD.CancelButton('current-document-add-comment-cancel-button', True)}
+                    ${POD.SaveButton('current-document-add-comment-save-button', True)}
+                  </fieldset>
+                </form>
 
-              <!-- LIST OF COMMENTS -->
-            % if len(current_node.getComments())<=0:
-              <p><i>${_('No comments.')}</i></p>
-            % else:
-              <table class="table table-striped table-hover table-condensed">
-                % for comment in current_node.getComments():
-                  <tr title="Last updated: ${comment.updated_at}">
-                    <td>
-                      <i>The ${comment.getFormattedDate(comment.updated_at)} at ${comment.getFormattedTime(comment.updated_at)}, comment.author wrote: </i><br/>
-                      <b>${comment.data_label}</b><br/>
-                      <p>
-                        ${comment.data_content|n}
-                      </p>
-                    </td>
-                  </tr>
-                % endfor
-              </table>
-            % endif
-            </div>
-            ################################
-            ##
-            ## PANEL SHOWING LIST OF FILES
-            ##
-            ################################
-            <div class="tab-pane" id="files">
-              <!-- ADD FILE FORM -->
-              ${POD.AddButton('current-document-add-file-button', True, _(' Add file'))}
-              <form style='display: none;' id='current-document-add-file-form' enctype="multipart/form-data" action='${tg.url('/api/create_file')}' method='post' class="well">
-                <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
-                <fieldset>
-                  <legend>${_('Add a file')}</legend>
-                  <label>
-                    <input type="text" name='data_label' placeholder="Title"/>
-                  </label>
-                  <label>
-                    <input type="file" name='data_file' placeholder="choose a file..."/>
-                  </label>
-                  <label>
-                    <div>
-                      <textarea id="add_file_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('comment...')}"></textarea>
-                    </div>
-                  </label>
-                  ${POD.CancelButton('current-document-add-file-cancel-button', True)}
-                  ${POD.SaveButton('current-document-add-file-save-button', True)}
-                </fieldset>
-              </form>
+                <!-- LIST OF COMMENTS -->
+              % if len(current_node.getComments())<=0:
+                <p><i>${_('No comments.')}</i></p>
+              % else:
+                <table class="table table-striped table-hover table-condensed">
+                  % for comment in current_node.getComments():
+                    <tr title="Last updated: ${comment.updated_at}">
+                      <td>
+                        <i>The ${comment.getFormattedDate(comment.updated_at)} at ${comment.getFormattedTime(comment.updated_at)}, comment.author wrote: </i><br/>
+                        <b>${comment.data_label}</b><br/>
+                        <p>
+                          ${comment.data_content|n}
+                        </p>
+                      </td>
+                    </tr>
+                  % endfor
+                </table>
+              % endif
+              </div>
+              ################################
+              ##
+              ## PANEL SHOWING LIST OF FILES
+              ##
+              ################################
+              <div class="tab-pane" id="files">
+                <!-- ADD FILE FORM -->
+                ${POD.AddButton('current-document-add-file-button', True, _(' Add file'))}
+                <form style='display: none;' id='current-document-add-file-form' enctype="multipart/form-data" action='${tg.url('/api/create_file')}' method='post' class="well">
+                  <input type="hidden" name='parent_id' value='${current_node.node_id}'/>
+                  <fieldset>
+                    <legend>${_('Add a file')}</legend>
+                    <label>
+                      <input type="text" name='data_label' placeholder="Title"/>
+                    </label>
+                    <label>
+                      <input type="file" name='data_file' placeholder="choose a file..."/>
+                    </label>
+                    <label>
+                      <div>
+                        <textarea id="add_file_data_content_textarea" name='data_content' spellcheck="false" wrap="off" autofocus placeholder="${_('comment...')}"></textarea>
+                      </div>
+                    </label>
+                    ${POD.CancelButton('current-document-add-file-cancel-button', True)}
+                    ${POD.SaveButton('current-document-add-file-save-button', True)}
+                  </fieldset>
+                </form>
 
-              <!-- LIST OF FILES -->
-            % if len(current_node.getFiles())<=0:
-              <p><i>${_('No files.')}</i></p>
-            % else:
-              <table class="table table-striped table-hover table-condensed">
-                % for current_file in current_node.getFiles():
-                  <tr title="Last updated: ${current_file.updated_at}">
-                    <td>
-                      <img src="${tg.url('/api/get_file_content_thumbnail/%s'%(current_file.node_id))}" class="img-polaroid">
-                    </td>
-                    <td>
-                      <b>${current_file.data_label}</b><br/>
-                      <i>commented by comment.author the ${current_file.getFormattedDate(current_file.updated_at)} at ${current_file.getFormattedTime(current_file.updated_at)}</i></br>
-                      <p>
-                        ${current_file.data_content|n}
-                      </p>
-                    </td>
-                  </tr>
-                % endfor
-              </table>
-            % endif
+                <!-- LIST OF FILES -->
+              % if len(current_node.getFiles())<=0:
+                <p><i>${_('No files.')}</i></p>
+              % else:
+                <table class="table table-striped table-hover table-condensed">
+                  % for current_file in current_node.getFiles():
+                    <tr title="Last updated: ${current_file.updated_at}">
+                      <td>
+                        <img src="${tg.url('/api/get_file_content_thumbnail/%s'%(current_file.node_id))}" class="img-polaroid">
+                      </td>
+                      <td>
+                        <b>${current_file.data_label}</b><br/>
+                        <i>commented by comment.author the ${current_file.getFormattedDate(current_file.updated_at)} at ${current_file.getFormattedTime(current_file.updated_at)}</i></br>
+                        <p>
+                          ${current_file.data_content|n}
+                        </p>
+                      </td>
+                    </tr>
+                  % endfor
+                </table>
+              % endif
+              </div>
             </div>
+          </div>
         </div>
       </div>
     </div>

pboard/pboard/templates/index.mak

@@ -32,12 +32,12 @@
       </div>
     </div>
     <div class="span3">
-      <form class="well">
+      <form class="well" action="${tg.url('/public_api/create_account')}">
         <fieldset>
           <legend>Sign up</legend>
           <input type="text" id="email" placeholder="Email"><br/>
           <input type="text" id="password" placeholder="Password"><br/>
-          <input type="text" id="retype_password" placeholder="Retype your password"><br/>
+          <input type="text" id="retyped_password" placeholder="Retype your password"><br/>
           <input type="submit" id="submit" value="Sign up" /><br/>
         </fieldset>
       </form>