refactor: CSRF + format.

abilian/web/forms/widgets.py

@@ -488,10 +488,12 @@ def render(self, item, form, related_views=()):
                     continue
 
                 value = field.data
-                if (not isinstance(
+                if (
+                    not isinstance(
                         field,
                         FileField,
-                ) and not field.flags.render_empty):
+                    ) and not field.flags.render_empty
+                ):
                     if value in _to_skip:
                         continue
 
@@ -522,7 +524,6 @@ def render(self, item, form, related_views=()):
         ctx = {
             'view': self,
             'related_views': related_views,
-            'csrf_token': csrf.field(),
             'entity': item,
             'panels': panels,
             'form': form,

abilian/web/templates/abilian_base.html

@@ -16,17 +16,17 @@
   {%- block css %}{%- endblock css %}
 
   {% block ie_support %}
-  <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
-  <!--[if lt IE 9]>
-  <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
-  <![endif]-->
+    <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
+    <!--[if lt IE 9]>
+    <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
   {%- endblock ie_support %}
 
   <!-- Le fav and touch icons -->
   <link rel="shortcut icon" type="image/png"
-      href="{{ app.config['FAVICO_URL'] | string }}"/>
+        href="{{ app.config['FAVICO_URL'] | string }}"/>
   <link rel="apple-touch-icon" type="image/png"
-      href="{{ app.config['FAVICO_URL'] | string }}"/>
+        href="{{ app.config['FAVICO_URL'] | string }}"/>
 
   <script>
     var require = {{ app.extensions['webassets'].requirejs_config | tojson }};
@@ -40,17 +40,17 @@
     {%- set ext = app.extensions['sentry'] %}
     <script src="{{ ext.raven_js_url }}"></script>
     <script>
-     if (Raven !== undefined) {
-         Raven.config({{ ext.client.get_public_dsn() |tojson }},
-             {
-                 tags: {
-                     app_name: {{ (app.name+'_front') | tojson }},
-                     configured_server_name: {{ app.config.get('SERVER_NAME') | tojson }},
-                     process_type: 'javascript'
-                 }
-             })
-             .install();
-     }
+      if (Raven !== undefined) {
+        Raven.config({{ ext.client.get_public_dsn() |tojson }},
+            {
+              tags: {
+                app_name: {{ (app.name+'_front') | tojson }},
+                configured_server_name: {{ app.config.get('SERVER_NAME') | tojson }},
+                process_type: 'javascript'
+              }
+            })
+            .install();
+      }
     </script>
   {%- endif %}
 
@@ -66,15 +66,15 @@
   {% include "navbar.html" %}
 
   <div id="content"
-      class="container{%- if full_width %}-fluid {% endif %} clearfix">
+       class="container{%- if full_width %}-fluid {% endif %} clearfix">
 
     <!-- breadcrumbs -->
     {% if g.breadcrumb|length > 1 %}
-    <div class="row">
-      <div class="col-xs-12">
-        {% include "breadcrumbs.html" %}
+      <div class="row">
+        <div class="col-xs-12">
+          {% include "breadcrumbs.html" %}
+        </div>
       </div>
-    </div>
     {% endif %}
 
     <!-- flash messages -->

abilian/web/templates/error403.html

@@ -1,9 +1,9 @@
 {% extends "base.html" %}
 
 {% block main %}
-<h1>Forbidden</h1>
+  <h1>Forbidden</h1>
 
-{{ error.description|default("You don't have the permission to access the requested
+  {{ error.description|default("You don't have the permission to access the requested
 resource. It is either read-protected or not readable by the server.") }}
 
-{%  endblock %}
+{% endblock %}

abilian/web/templates/error404.html

@@ -1,11 +1,11 @@
 {% extends "base.html" %}
 
 {% block main %}
-<h1>Not Found</h1>
+  <h1>Not Found</h1>
 
-<p>
-  {%- trans -%}
-  Page or entity not found. The object you are trying to view may have been deleted.
-  {%- endtrans -%}
-</p>
-{%  endblock %}
+  <p>
+    {%- trans -%}
+      Page or entity not found. The object you are trying to view may have been deleted.
+    {%- endtrans -%}
+  </p>
+{% endblock %}

abilian/web/templates/error500.html

@@ -4,8 +4,8 @@
   <h1>Internal Server Error.</h1>
 
   <p>The server encountered an error and was unable to complete your
-request. Either the server is overloaded or there is an error in the
-application.
-</p>
+    request. Either the server is overloaded or there is an error in the
+    application.
+  </p>
 
 {% endblock %}

abilian/web/templates/macros.html

@@ -3,15 +3,16 @@
 #}
 
 {% macro deprecated(name, newfile) %}
-<small class="text-warning"><strong>This block is generated from macro "{{ name
-}}" in deprecated file "macros.html". Import from "macros/{{ newfile }}.html" instead.
-</strong></small>
- {% endmacro %}
+  <small class="text-warning"><strong>This block is generated from macro "{{ name }}"
+    in deprecated file "macros.html".
+    Import from "macros/{{ newfile }}.html" instead.
+  </strong></small>
+{% endmacro %}
 
 {# Generic renderer for boxes / portlets #}
 {% macro m_box(title, color="blue", with_toolbar=False) %}
   <div class="box">
-  {{ deprecated("m_box", "box") }}
+    {{ deprecated("m_box", "box") }}
 
     {% if title %}
       <div class="box-header box-header-small box-header-color-{{ color }}">
@@ -52,7 +53,7 @@ <h5>{{ title or _('Menu') }}</h5>
 
 {% macro m_box_content(title=None, color="blue", with_toolbar=False) %}
   <div class="box">
-  {{ deprecated("m_box_content", "box") }}
+    {{ deprecated("m_box_content", "box") }}
     {% if title %}
       <div class="box-header box-header-small box-header-color-{{ color }}">
         <h5>{{ title }}</h5>
@@ -77,8 +78,8 @@ <h5>{{ title }}</h5>
       {% set actor_img = user_photo_url(entry.actor, size=45) %}
 
       <li>
-        <a href="{{ actor_href }}"><img class="avatar" alt=""
-            src="{{ actor_img }}"></a>
+        <a href="{{ actor_href }}"><img
+          class="avatar" alt="" src="{{ actor_img }}"></a>
 
         <div class="entry">
           <span class="arrow"></span>
@@ -88,7 +89,7 @@ <h5>{{ title }}</h5>
 
           {% set body = entry.body() %}
           {% if body %}
-          <span class="body">"<a href="{{ entry.object_url }}">{{ body }}"</a></span>
+            <span class="body">"<a href="{{ entry.object_url }}">{{ body }}"</a></span>
           {% endif %}
         </div>
       </li>
@@ -151,15 +152,15 @@ <h5>{{ title }}</h5>
 {% macro m_breadcrumbs(breadcrumbs) %}
   <small class="text-warning">
     <strong>Breadcrumb is no more generated from a macro. Just include
-"breadcrumb.html" if you are overriding "body" block from "base.html".</strong>
+      "breadcrumb.html" if you are overriding "body" block from "base.html".</strong>
   </small>
- {% endmacro %}
+{% endmacro %}
 
 {% macro m_flashed_messages() %}
   <small class="text-warning">
     <strong>Flash message block is no more generated from a macro. Just include
-"flash-messages.html" if you are overriding "body" block from
-"base.html".</strong>
+      "flash-messages.html" if you are overriding "body" block from
+      "base.html".</strong>
   </small>
 {% endmacro %}
 
@@ -175,7 +176,7 @@ <h5>{{ title }}</h5>
           <li class="recent-item">
             <a href="{{ item.url }}">
               <img alt=""
-                  src="/static/icons/{{ item.type }}-12.png"/>&nbsp;{{ item.name }}
+                   src="/static/icons/{{ item.type }}-12.png"/>&nbsp;{{ item.name }}
             </a>
           </li>
         {%- endfor %}
@@ -194,7 +195,7 @@ <h5>{{ title }}</h5>
   {{ deprecated("m_table", "?") }}
 
   <table class="table table-striped table-condensed"
-      style="margin: 10px 0 15px 0;">
+         style="margin: 10px 0 15px 0;">
     <tbody>
     {%- for line in lines %}
       <tr class="row">