From 641c6e4e397641b4de3aa15e674241e2b7b7f7f6 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Wed, 19 Nov 2014 01:34:46 +0100 Subject: forms: generalize DeleteGroup for generic confirmation Group deletion is now done with an extra confirmation step on a new page. There is a simple confirmation form that only contains a hidden field and the csrf magic. This commit also removes the direct deletion form on the group page and replace is with a simple button to the new confirmation page. --- forms.py | 5 ++--- templates/group.html | 26 ++++++++++++++------------ views.py | 24 +++++++++++++++--------- 3 files changed, 31 insertions(+), 24 deletions(-) diff --git a/forms.py b/forms.py index ef8ab65..f5f1340 100644 --- a/forms.py +++ b/forms.py @@ -24,6 +24,5 @@ ChangeGroup = model_form(Group, base_class=Form, exclude=['api_id'], field_args= converter=ModelConverter(overrides={'name': ReadonlyField})) -class DeleteGroup(Form): - id = HiddenField('group id', [validators.Required()]); - sure = HiddenField('are you sure'); +class DeleteForm(Form): + sure = HiddenField('are you sure', default='yes') diff --git a/templates/group.html b/templates/group.html index 6c4d85c..5691e1b 100644 --- a/templates/group.html +++ b/templates/group.html @@ -32,20 +32,22 @@
-

Delete this group

+

+ + Operations + +

-
-
- {% for field in delete_form %} - {{ render_field(field) }} - {% endfor %} -
-
- -
-
-
+
+
+

+ Delete this group +

+
+ {% endblock %} diff --git a/views.py b/views.py index d881d21..30bab96 100644 --- a/views.py +++ b/views.py @@ -3,7 +3,7 @@ from auth import auth from flask import g, request, redirect, render_template, url_for from flask_peewee.utils import get_object_or_404 from models import Group, Member -from forms import CreateGroup, DeleteGroup, ChangeGroup +from forms import CreateGroup, DeleteForm, ChangeGroup from utils import templated from filters import * @@ -30,17 +30,23 @@ def index(): @auth.login_required def group(group_name): group = get_group_or_404(Group.name == group_name) - form = DeleteGroup(request.form) + return {'group': group, 'members': group.members} + + +@app.route('//_delete/', methods=['GET', 'POST']) +@templated('group_delete.html') +@auth.login_required +def group_delete(group_name): + group = get_group_or_404(Group.name == group_name, Member.admin == True) + form = DeleteForm(request.form) if form.validate_on_submit(): if form.sure.data == 'yes': group.delete_instance(recursive=True) - return redirect(url_for('index')) - else: - form.sure.data = 'yes' - return render_template('group_delete.html', group=group, delete_form=form) - else: - form.id.data = group.id - return {'group': group, 'members': group.members, 'delete_form': form} + return redirect(url_for('index')) + return {'group': group, + 'delete_form': form, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + {'text': 'Delete group'}]} @app.route('//_change/', methods=['GET', 'POST']) -- cgit v1.2.3-1-g7c22