diff options
| author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2014-11-19 01:34:46 +0100 |
|---|---|---|
| committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2014-11-19 02:15:56 +0100 |
| commit | 641c6e4e397641b4de3aa15e674241e2b7b7f7f6 (patch) | |
| tree | cbfe61e3311af72b994abd76d8cd0873e274cfdd | |
| parent | f73be7e78824088aeec8a7afda981a3006a935d5 (diff) | |
| download | padlite-teams-641c6e4e397641b4de3aa15e674241e2b7b7f7f6.tar.gz padlite-teams-641c6e4e397641b4de3aa15e674241e2b7b7f7f6.tar.bz2 padlite-teams-641c6e4e397641b4de3aa15e674241e2b7b7f7f6.zip | |
forms: generalize DeleteGroup for generic confirmation
Group deletion is now done with an extra confirmation step on a new page.
There is a simple confirmation form that only contains a hidden field
and the csrf magic. This commit also removes the direct deletion form
on the group page and replace is with a simple button to the new
confirmation page.
| -rw-r--r-- | forms.py | 5 | ||||
| -rw-r--r-- | templates/group.html | 26 | ||||
| -rw-r--r-- | views.py | 24 |
3 files changed, 31 insertions, 24 deletions
@@ -24,6 +24,5 @@ ChangeGroup = model_form(Group, base_class=Form, exclude=['api_id'], field_args= converter=ModelConverter(overrides={'name': ReadonlyField})) -class DeleteGroup(Form): - id = HiddenField('group id', [validators.Required()]); - sure = HiddenField('are you sure'); +class DeleteForm(Form): + sure = HiddenField('are you sure', default='yes') diff --git a/templates/group.html b/templates/group.html index 6c4d85c..5691e1b 100644 --- a/templates/group.html +++ b/templates/group.html @@ -32,20 +32,22 @@ <div class="panel panel-default"> <div class="panel-heading"> - <h3 class="panel-title">Delete this group</h3> + <h3 class="panel-title"> + <a data-toggle="collapse" href="#collapseOperations"> + Operations + </a> + </h3> </div> - <div class="panel-body"> - <form class="form-horizontal" role="form" method="POST"> - {% for field in delete_form %} - {{ render_field(field) }} - {% endfor %} - <div class="form-group"> - <div class="col-lg-offset-2 col-lg-8"> - <button type="submit" class="btn btn-danger btn-block">Delete this group</button> - </div> - </div> - </form> + <div id="collapseOperations" class="panel-collapse collapse in"> + <div class="panel-body"> + <p class="col-lg-offset-2 col-lg-8"> + <a href="{{ url_for('group_delete', group_name=group.name) }}" class="btn btn-block btn-danger">Delete this group</a> + </p> + </div> </div> </div> +<script type="text/javascript"> + $('#collapseOperations').collapse('hide'); +</script> {% endblock %} @@ -3,7 +3,7 @@ from auth import auth from flask import g, request, redirect, render_template, url_for from flask_peewee.utils import get_object_or_404 from models import Group, Member -from forms import CreateGroup, DeleteGroup, ChangeGroup +from forms import CreateGroup, DeleteForm, ChangeGroup from utils import templated from filters import * @@ -30,17 +30,23 @@ def index(): @auth.login_required def group(group_name): group = get_group_or_404(Group.name == group_name) - form = DeleteGroup(request.form) + return {'group': group, 'members': group.members} + + +@app.route('/<group_name>/_delete/', methods=['GET', 'POST']) +@templated('group_delete.html') +@auth.login_required +def group_delete(group_name): + group = get_group_or_404(Group.name == group_name, Member.admin == True) + form = DeleteForm(request.form) if form.validate_on_submit(): if form.sure.data == 'yes': group.delete_instance(recursive=True) - return redirect(url_for('index')) - else: - form.sure.data = 'yes' - return render_template('group_delete.html', group=group, delete_form=form) - else: - form.id.data = group.id - return {'group': group, 'members': group.members, 'delete_form': form} + return redirect(url_for('index')) + return {'group': group, + 'delete_form': form, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + {'text': 'Delete group'}]} @app.route('/<group_name>/_change/', methods=['GET', 'POST']) |