blog: Allow deleting posts

[ipfire.org.git] / src / web / blog.py

diff --git a/src/web/blog.py b/src/web/blog.py
index 65a73a6d736d5dde779ab32a272f9125e37fae2b..d39ef396446714328497f45457e40c2b329ebf4e 100644 (file)
--- a/src/web/blog.py
+++ b/src/web/blog.py
@@ -189,6 +189,36 @@ class EditHandler(auth.CacheMixin, base.BaseHandler):
                self.redirect("/drafts")
 
 
+class DeleteHandler(auth.CacheMixin, base.BaseHandler):
+       @tornado.web.authenticated
+       def get(self, slug):
+               post = self.backend.blog.get_by_slug(slug, published=False)
+               if not post:
+                       raise tornado.web.HTTPError(404)
+
+               # Check if post is editable
+               if not post.is_editable(self.current_user):
+                       raise tornado.web.HTTPError(403, "%s cannot edit %s" % (self.current_user, post))
+
+               self.render("blog/delete.html", post=post)
+
+       @tornado.web.authenticated
+       def post(self, slug):
+               post = self.backend.blog.get_by_slug(slug, published=False)
+               if not post:
+                       raise tornado.web.HTTPError(404)
+
+               # Check if post is editable
+               if not post.is_editable(self.current_user):
+                       raise tornado.web.HTTPError(403, "%s cannot edit %s" % (self.current_user, post))
+
+               with self.db.transaction():
+                       post.delete()
+
+               # Return to drafts
+               self.redirect("/drafts")
+
+
 class HistoryNavigationModule(ui_modules.UIModule):
        def render(self):
                return self.render_string("blog/modules/history-navigation.html",