src/templates/blog/author.html \
src/templates/blog/base.html \
src/templates/blog/compose.html \
+ src/templates/blog/delete.html \
src/templates/blog/drafts.html \
src/templates/blog/feed.xml \
src/templates/blog/index.html \
# Update search index if post is published
if self.is_published():
self.backend.blog.refresh()
+
+ def delete(self):
+ self.db.execute("DELETE FROM blog WHERE id = %s", self.id)
+
+ # Update search indices
+ self.backend.blog.refresh()
</div>
<div class="col-12 col-lg-9">
- {% block main %}{% end block %}
+ {% block main %}
+ <div class="row justify-content-center">
+ <div class="col-12 col-md-6">
+ {% block modal %}{% end block %}
+ </div>
+ </div>
+ {% end block %}
</div>
</div>
{% end block %}
--- /dev/null
+{% extends "base.html" %}
+
+{% block title %}{{ _("Delete %s") % post.title }}{% end block %}
+
+{% block modal %}
+ <div class="card">
+ <div class="card-body">
+ <h5 class="card-title mb-1">{{ _("Delete Post") }}</h5>
+ <h6 class="card-subtitle text-muted mb-3">{{ post.title }}</h6>
+
+ <p>
+ {{ _("Do you really want to delete \"%s\"?") % post.title }}
+ </p>
+
+ <form action="" method="POST">
+ {% raw xsrf_form_html() %}
+
+ <button type="submit" class="btn btn-primary btn-block">{{ _("Delete") }}</button>
+ <a class="btn btn-secondary btn-block" href="/post/{{ post.slug }}">{{ _("Cancel") }}</a>
+ </form>
+ </div>
+ </div>
+{% end block %}
{% if current_user and current_user == post.author %}
<a href="/post/{{ post.slug }}/edit">{{ _("Edit") }}</a>
+ <a href="/post/{{ post.slug }}/delete">{{ _("Delete") }}</a>
{% end %}
</p>
</div>
(r"/compose", blog.ComposeHandler),
(r"/drafts", blog.DraftsHandler),
(r"/post/([0-9a-z\-\._]+)", blog.PostHandler),
+ (r"/post/([0-9a-z\-\._]+)/delete", blog.DeleteHandler),
(r"/post/([0-9a-z\-\._]+)/edit", blog.EditHandler),
(r"/post/([0-9a-z\-\._]+)/publish", blog.PublishHandler),
(r"/search", blog.SearchHandler),
self.redirect("/drafts")
+class DeleteHandler(auth.CacheMixin, base.BaseHandler):
+ @tornado.web.authenticated
+ def get(self, slug):
+ post = self.backend.blog.get_by_slug(slug, published=False)
+ if not post:
+ raise tornado.web.HTTPError(404)
+
+ # Check if post is editable
+ if not post.is_editable(self.current_user):
+ raise tornado.web.HTTPError(403, "%s cannot edit %s" % (self.current_user, post))
+
+ self.render("blog/delete.html", post=post)
+
+ @tornado.web.authenticated
+ def post(self, slug):
+ post = self.backend.blog.get_by_slug(slug, published=False)
+ if not post:
+ raise tornado.web.HTTPError(404)
+
+ # Check if post is editable
+ if not post.is_editable(self.current_user):
+ raise tornado.web.HTTPError(403, "%s cannot edit %s" % (self.current_user, post))
+
+ with self.db.transaction():
+ post.delete()
+
+ # Return to drafts
+ self.redirect("/drafts")
+
+
class HistoryNavigationModule(ui_modules.UIModule):
def render(self):
return self.render_string("blog/modules/history-navigation.html",
projects / ipfire.org.git / commitdiff
