Add speed bump / confirmation page when deleting records.

Also cleanup the context menu links on various master CRUD pages.
2016-01-07 20:55:10 -06:00 · 2016-01-07 20:55:10 -06:00 · 640bb736b2
parent 94406f84b3
commit 640bb736b2
4 changed files with 84 additions and 20 deletions
--- a/tailbone/templates/master/delete.mako
+++ b/tailbone/templates/master/delete.mako
@ -0,0 +1,41 @@
+## -*- coding: utf-8 -*-
+<%inherit file="/base.mako" />
+
+<%def name="title()">Delete ${model_title}: ${unicode(instance)}</%def>
+
+<%def name="context_menu_items()">
+  <li>${h.link_to("Back to {}".format(model_title_plural), url(route_prefix))}</li>
+  % if master.viewable and request.has_perm('{}.view'.format(permission_prefix)):
+      <li>${h.link_to("View this {}".format(model_title), action_url('view', instance))}</li>
+  % endif
+  % if master.editable and request.has_perm('{}.edit'.format(permission_prefix)):
+      <li>${h.link_to("Edit this {}".format(model_title), action_url('edit', instance))}</li>
+  % endif
+  % if master.creatable and request.has_perm('{}.create'.format(permission_prefix)):
+      <li>${h.link_to("Create a new {}".format(model_title), url('{}.create'.format(route_prefix)))}</li>
+  % endif
+</%def>
+
+<%def name="confirmation()">
+  <br />
+  <p>Are you sure about this?</p>
+
+  ${h.form(request.current_route_url())}
+    <div class="buttons">
+      <button type="button" onclick="$(this).parents('form').submit();">Yes, please DELETE this record forever!</button>
+      <a class="button" href="${form.cancel_url}">Whoops, nevermind...</a>
+    </div>
+  ${h.end_form()}
+</%def>
+
+<ul id="context-menu">
+  ${self.context_menu_items()}
+</ul>
+
+<p>You are about to delete the following ${model_title} record:</p>
+
+<div class="form-wrapper">
+  ${form.render()|n}
+</div><!-- form-wrapper -->
+
+${self.confirmation()}
--- a/tailbone/templates/master/edit.mako
+++ b/tailbone/templates/master/edit.mako
@ -4,12 +4,15 @@
 <%def name="title()">${model_title}: ${unicode(instance)}</%def>

 <%def name="context_menu_items()">
-  <li>${h.link_to("Back to {0}".format(model_title_plural), url(route_prefix))}</li>
-  % if master.viewable and request.has_perm('{0}.view'.format(permission_prefix)):
-      <li>${h.link_to("View this {0}".format(model_title), action_url('view', instance))}</li>
+  <li>${h.link_to("Back to {}".format(model_title_plural), url(route_prefix))}</li>
+  % if master.viewable and request.has_perm('{}.view'.format(permission_prefix)):
+      <li>${h.link_to("View this {}".format(model_title), action_url('view', instance))}</li>
  % endif
-  % if master.deletable and request.has_perm('{0}.delete'.format(permission_prefix)):
-      <li>${h.link_to("Delete this {0}".format(model_title), action_url('delete', instance))}</li>
+  % if master.deletable and master.deletable_instance(instance) and request.has_perm('{}.delete'.format(permission_prefix)):
+      <li>${h.link_to("Delete this {}".format(model_title), action_url('delete', instance))}</li>
+  % endif
+  % if master.creatable and request.has_perm('{}.create'.format(permission_prefix)):
+      <li>${h.link_to("Create a new {}".format(model_title), url('{}.create'.format(route_prefix)))}</li>
  % endif
 </%def>

--- a/tailbone/templates/master/view.mako
+++ b/tailbone/templates/master/view.mako
@ -4,12 +4,15 @@
 <%def name="title()">${model_title}: ${instance_title}</%def>

 <%def name="context_menu_items()">
-  <li>${h.link_to("Back to {0}".format(model_title_plural), url(route_prefix))}</li>
-  % if master.editable and request.has_perm('{0}.edit'.format(permission_prefix)):
-      <li>${h.link_to("Edit this {0}".format(model_title), action_url('edit', instance))}</li>
+  <li>${h.link_to("Back to {}".format(model_title_plural), url(route_prefix))}</li>
+  % if master.editable and request.has_perm('{}.edit'.format(permission_prefix)):
+      <li>${h.link_to("Edit this {}".format(model_title), action_url('edit', instance))}</li>
  % endif
-  % if master.deletable and master.deletable_instance(instance) and request.has_perm('{0}.delete'.format(permission_prefix)):
-      <li>${h.link_to("Delete this {0}".format(model_title), action_url('delete', instance))}</li>
+  % if master.deletable and master.deletable_instance(instance) and request.has_perm('{}.delete'.format(permission_prefix)):
+      <li>${h.link_to("Delete this {}".format(model_title), action_url('delete', instance))}</li>
+  % endif
+  % if master.creatable and request.has_perm('{}.create'.format(permission_prefix)):
+      <li>${h.link_to("Create a new {}".format(model_title), url('{}.create'.format(route_prefix)))}</li>
  % endif
 </%def>

--- a/tailbone/views/master.py
+++ b/tailbone/views/master.py
@ -33,7 +33,7 @@ from edbob.util import prettify

 import formalchemy
 from pyramid.renderers import get_renderer, render_to_response
-from pyramid.httpexceptions import HTTPFound, HTTPNotFound
+from pyramid.httpexceptions import HTTPException, HTTPFound, HTTPNotFound

 from tailbone import forms
 from tailbone.views import View
@ -148,16 +148,28 @@ class MasterView(View):
        self.deleting = True
        instance = self.get_instance()

+        if not self.deletable_instance(instance):
+            self.request.session.flash("Deletion is not permitted for {} {}".format(
+                self.get_model_title(), instance))
+            return HTTPFound(location=self.get_action_url('view', instance))
+
+        form = self.make_form(instance)
+
+        # TODO: Add better validation, ideally CSRF etc.
+        if self.request.method == 'POST':
+
            # Let derived classes prep for (or cancel) deletion.
            result = self.before_delete(instance)
-        if result is not None:
+            if isinstance(result, HTTPException):
                return result

            self.delete_instance(instance)
-        self.request.session.flash("{0} {1} has been deleted.".format(
+            self.request.session.flash("{} {} has been deleted.".format(
                self.get_model_title(), instance))
            return self.redirect(self.get_after_delete_url(instance))

+        form.readonly = True
+        return self.render_to_response('delete', {'instance': instance, 'form': form})

    ##############################
    # Core Stuff
@ -379,9 +391,14 @@ class MasterView(View):
        if self.editable:
            actions.append(self.make_action('edit', icon='pencil'))
        if self.deletable:
-            actions.append(self.make_action('delete', icon='trash'))
+            actions.append(self.make_action('delete', icon='trash', url=self.default_delete_url))
        return actions

+    def default_delete_url(self, row):
+        if self.deletable_instance(row):
+            return self.request.route_url('{}.delete'.format(self.get_route_prefix()),
+                                          **self.get_action_route_kwargs(row))
+
    def make_action(self, key, **kwargs):
        """
        Make a new :class:`GridAction` instance for the current grid.