From: Michael Tremer Date: Tue, 30 Oct 2018 08:58:18 +0000 (+0000) Subject: blog: Allow deleting posts X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=914238a5a43a373c93e3a9ee8aba8da98d6c26a3;p=ipfire.org.git blog: Allow deleting posts Signed-off-by: Michael Tremer --- diff --git a/Makefile.am b/Makefile.am index 96469d76..c864037c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -112,6 +112,7 @@ templates_blog_DATA = \ src/templates/blog/author.html \ src/templates/blog/base.html \ src/templates/blog/compose.html \ + src/templates/blog/delete.html \ src/templates/blog/drafts.html \ src/templates/blog/feed.xml \ src/templates/blog/index.html \ diff --git a/src/backend/blog.py b/src/backend/blog.py index 913ed2db..78a2c6d8 100644 --- a/src/backend/blog.py +++ b/src/backend/blog.py @@ -356,3 +356,9 @@ class Post(misc.Object): # Update search index if post is published if self.is_published(): self.backend.blog.refresh() + + def delete(self): + self.db.execute("DELETE FROM blog WHERE id = %s", self.id) + + # Update search indices + self.backend.blog.refresh() diff --git a/src/templates/blog/base.html b/src/templates/blog/base.html index eceb8eba..a2429471 100644 --- a/src/templates/blog/base.html +++ b/src/templates/blog/base.html @@ -51,7 +51,13 @@
- {% block main %}{% end block %} + {% block main %} +
+
+ {% block modal %}{% end block %} +
+
+ {% end block %}
{% end block %} diff --git a/src/templates/blog/delete.html b/src/templates/blog/delete.html new file mode 100644 index 00000000..b4230b9a --- /dev/null +++ b/src/templates/blog/delete.html @@ -0,0 +1,23 @@ +{% extends "base.html" %} + +{% block title %}{{ _("Delete %s") % post.title }}{% end block %} + +{% block modal %} +
+
+
{{ _("Delete Post") }}
+
{{ post.title }}
+ +

+ {{ _("Do you really want to delete \"%s\"?") % post.title }} +

+ +
+ {% raw xsrf_form_html() %} + + + {{ _("Cancel") }} +
+
+
+{% end block %} diff --git a/src/templates/blog/modules/post.html b/src/templates/blog/modules/post.html index 339be0c0..1bb51aaf 100644 --- a/src/templates/blog/modules/post.html +++ b/src/templates/blog/modules/post.html @@ -32,6 +32,7 @@ {% if current_user and current_user == post.author %} {{ _("Edit") }} + {{ _("Delete") }} {% end %}

diff --git a/src/web/__init__.py b/src/web/__init__.py index b07fb7b8..971c2654 100644 --- a/src/web/__init__.py +++ b/src/web/__init__.py @@ -146,6 +146,7 @@ class Application(tornado.web.Application): (r"/compose", blog.ComposeHandler), (r"/drafts", blog.DraftsHandler), (r"/post/([0-9a-z\-\._]+)", blog.PostHandler), + (r"/post/([0-9a-z\-\._]+)/delete", blog.DeleteHandler), (r"/post/([0-9a-z\-\._]+)/edit", blog.EditHandler), (r"/post/([0-9a-z\-\._]+)/publish", blog.PublishHandler), (r"/search", blog.SearchHandler), diff --git a/src/web/blog.py b/src/web/blog.py index 65a73a6d..d39ef396 100644 --- a/src/web/blog.py +++ b/src/web/blog.py @@ -189,6 +189,36 @@ class EditHandler(auth.CacheMixin, base.BaseHandler): self.redirect("/drafts") +class DeleteHandler(auth.CacheMixin, base.BaseHandler): + @tornado.web.authenticated + def get(self, slug): + post = self.backend.blog.get_by_slug(slug, published=False) + if not post: + raise tornado.web.HTTPError(404) + + # Check if post is editable + if not post.is_editable(self.current_user): + raise tornado.web.HTTPError(403, "%s cannot edit %s" % (self.current_user, post)) + + self.render("blog/delete.html", post=post) + + @tornado.web.authenticated + def post(self, slug): + post = self.backend.blog.get_by_slug(slug, published=False) + if not post: + raise tornado.web.HTTPError(404) + + # Check if post is editable + if not post.is_editable(self.current_user): + raise tornado.web.HTTPError(403, "%s cannot edit %s" % (self.current_user, post)) + + with self.db.transaction(): + post.delete() + + # Return to drafts + self.redirect("/drafts") + + class HistoryNavigationModule(ui_modules.UIModule): def render(self): return self.render_string("blog/modules/history-navigation.html",