Python web application framework for tight DB/GUI coupling?

Posted on 2024-07-04 22:15:23

I'm a firm believer of the heretic thought of tight coupling between the backend and frontend: I want existing, implied knowledge about a backend to be automatically made use of when generating user interfaces. E.g., if a VARCHAR column has a maximum width of 20 characters, then GUIs should automatically constrain the user from typing more than 20 characters in a related form field.

And I have strong antipathy to ORMs which want to define my database tables, or are based on some hack where every table needs to have extra numeric ID columns because of the ORM.

I've looked a bit into Python database frameworks and I think I can conclude that SQLAlchemy fits best to my mentality.

Now, I need to find a web application framework which fits naturally with SQLAlchemy (or an equivalent) and perhaps even with my appetite for coupling. With "web application framework", I mean products/projects such as Pylons, Django, TurboGears, web2py, etc.

E.g., it should ideally be able to:

  • automatically select a suitable form widget for data entering a given column if told to do so; e.g., if the column has a foreign key to a column with 10 different values, widget should display the 10 possible values as a dropdown
  • auto-generate javascript form validation code which gives the end-user quick error feedback if a string is entered into a field which is about to end up in an INTEGER column, etc
  • auto-generate a calendar widget for data which will end up in a DATE column
  • hint NOT NULL constraints as javascript which complains about empty or whitespace-only data in a related input field
  • generate javascript validation code which matches relevant (simple) CHECK-constraints
  • make it easy to avoid SQL injection, by using prepared statements and/or validation of externally derived data
  • make it easy to avoid cross site scripting by automatically escaping outgoing strings when appropriate
  • make use of constraint names to generate somewhat user friendly error messages in case a constraint is violated

All this should happen dynamically, so table adjustments are automatically reflected on the frontend - probably with a caching mechanism, so that all the model introspection wouldn't kill performance. In other words, I don't want to repeat my model definition in an XML file (or alike) when it has already been carefully defined in my database.

Does such a framework exist for Python (or for any language, for that matter)? If not: Which of the several Python web application frameworks will be least in the way if I were to add parts of the above features myself?

Comments (5)

断舍离 2024-07-11 22:15:23

web2py does most of what you ask:

Based on a field type and its validators it will render the field with the appropriate widget. You can override with

db.table.field.widget=...

and use a third party widget.

web2py has js that blocks the user from entering a non-integer in an integer field or a non-double in a double field. Time, date and datetime fields have their own pickers. These js validations work with (not instead of) server side validation.

There is IS_EMPTY_OR(...) validator.

The DAL prevents SQL injections since everything is escaped when it goes into the DB.

web2py prevents XSS because in {{=variable}}, 'variable' is escaped unless specified otherwise {{=XML(variable)}} or {{=XML(variable,sanitize=True)}}

Error messages are arguments of validators, for example

db.table.field.requires=IS_NOT_EMPTY(error_message=T('hey! write something in here'))

T is for internationalization.

血之狂魔 2024-07-11 22:15:23

You should have a look at django and especially its newforms and admin modules. The newforms module provides a nice possibility to do server side validation with automated generation of error messages/pages for the user. Adding ajax validation is also possible

智商已欠费 2024-07-11 22:15:23

I believe that Django models do not support composite primary keys (see documentation). But perhaps you can use SQLAlchemy in Django? A Google search indicates that you can. I have not used Django, so I don't know.

I suggest you take a look at:

I do not have any deep knowledge of any of the projects above. I am just in the process of trying to add something similar to one of my own applications as what the original question mentions. The above list is simply a list of interesting projects that I have stumbled across.

As to web application frameworks for Python, I recommend TurboGears 2. Not that I have any experience with any of the other frameworks, I just like TurboGears...

If the original question's author finds a solution that works well, please update or answer this thread.

作死小能手 2024-07-11 22:15:23

I know that you specifically ask for a framework but I thought I would let you know about what I get up to here. I have just undergone converting my company's web application from a custom in-house ORM layer into sqlAlchemy so I am far from an expert but something that occurred to me was that sqlAlchemy has types for all of the attributes it maps from the database so why not use that to help output the right html onto the page. So we use sqlAlchemy for the back end and Cheetah templates for the front end but everything in between is basically our own still.

We have never managed to find a framework that does exactly what we want without compromise and prefer to get all the bits that work right for us and write the glue ourselves.

Step 1. For each data type sqlAlchemy.types.INTEGER etc. Add an extra function toHtml (or many maybe toHTMLReadOnly, toHTMLAdminEdit whatever) and just have that return the template for the html, now you don't even have to care what data type you're displaying if you just want to spit out a whole table you can just do (as a cheetah template or whatever your templating engine is).

Step 2

<table>
  ## header row: one cell per column name
  <tr>
    #for $field in $dbObject.c:
    <th>$field.name</th>
    #end for
  </tr>
  ## data row: each column type renders its own HTML
  <tr>
    #for $field in $dbObject.c:
    <td>$field.type.toHtml($field.name, $field.value)</td>
    #end for
  </tr>
</table>

Using this basic method and stretching Python's introspection to its potential, in an afternoon I managed to make create read update and delete code for our whole admin section of our database, not yet with the polish of django but more than good enough for my needs.

Step 3 Discovered the need for a third step just on Friday, wanted to upload files which as you know needs more than just the varchar data type's default text box. No sweat, I just overrode the rows class in my table definition from VARCHAR to FilePath(VARCHAR) where the only difference was FilePath had a different toHtml method. Worked flawlessly.

All that said, if there is a shrink wrapped one out there that does just what you want, use that.

Disclaimer: This code was written from memory after midnight and probably won't produce a functioning web page.
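The type-driven rendering this answer describes, as an added example that is not part of the original post: it reads column rules from the database, renders escaped inputs, re-checks the same rules on the server and inserts with bound parameters. It uses the standard-library sqlite3 module instead of SQLAlchemy so that it runs stand-alone; the person table and all function names are constructed for illustration.

```python
import html
import re
import sqlite3

TABLE = "person"  # constructed sample table, not from the thread
SCHEMA = "CREATE TABLE person (nick VARCHAR(20) NOT NULL, age INTEGER)"

def column_rules(conn):
    """Derive per-column rules from the database's own schema."""
    rules = {}
    for _cid, name, decl, notnull, _dflt, _pk in conn.execute(f"PRAGMA table_info({TABLE})"):
        m = re.fullmatch(r"VARCHAR\((\d+)\)", decl.strip(), re.I)
        rules[name] = {"int": decl.upper().startswith("INT"),
                       "maxlen": int(m.group(1)) if m else None,
                       "required": bool(notnull)}
    return rules

def to_html(name, rule, value=""):
    """Render an <input>; name and value are escaped for attribute context."""
    attrs = [f'name="{html.escape(name, quote=True)}"',
             f'type="{"number" if rule["int"] else "text"}"',
             f'value="{html.escape(str(value), quote=True)}"']
    if rule["maxlen"]:
        attrs.append(f'maxlength="{rule["maxlen"]}"')
    if rule["required"]:
        attrs.append("required")
    return "<input " + " ".join(attrs) + ">"

def validate(rules, form):
    """Re-check the same rules on the server; browser hints can be bypassed."""
    errors = {}
    for name, rule in rules.items():
        raw = (form.get(name) or "").strip()
        if not raw and rule["required"]:
            errors[name] = "required"
        elif raw and rule["int"] and not re.fullmatch(r"-?\d+", raw):
            errors[name] = "not an integer"
        elif raw and rule["maxlen"] and len(raw) > rule["maxlen"]:
            errors[name] = "too long"
    return errors

def save(conn, rules, form):
    """Insert only if valid; column names come from the schema, values are bound."""
    errors = validate(rules, form)
    if not errors:
        cols = list(rules)
        marks = ", ".join("?" for _ in cols)
        conn.execute(f"INSERT INTO {TABLE} ({', '.join(cols)}) VALUES ({marks})",
                     [(form.get(c) or "").strip() or None for c in cols])
    return errors
```

The maxlength and required attributes are only hints to the browser; validate() is what enforces the schema, and the bound parameters in save() keep quote characters in a value as data.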

千柳 2024-07-11 22:15:23

TurboGears currently uses SQLObject by default but you can use it with SQLAlchemy. They are saying that the next major release of TurboGears (1.1) will use SQLAlchemy by default.
