commit 7c9448a485547238514d3b883158619ca9945992
parent f660e14d11224128387d979745b789f08930aab1
Author: Brian C. Lane <bcl@f12.imp.home>
Date: Wed, 14 Apr 2010 01:57:06 -0700
Adding delete confirmation and POST code. Includes the xsrf token
To make a link do a POST+XSRF simply add the 'delete' class to
the link.
Diffstat:
5 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/server/hms/hms.py b/server/hms/hms.py
@@ -827,6 +827,16 @@ class SourceHandler(BaseHandler):
self.redirect("/source/")
+class MediaDeleteHandler(BaseHandler):
+ @tornado.web.authenticated
+ def post(self, media_id):
+ if self.current_user != 'admin':
+ self.redirect("/media/")
+ return
+
+ return
+
+
class MediaEditHandler(BaseHandler):
@tornado.web.authenticated
def get(self, media_id):
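Review bot: In `MediaDeleteHandler.post` a non-admin caller is answered with `self.redirect("/media/")`, which an XHR POST follows transparently, so the client-side success callback runs and a refused delete looks the same as a completed one. Rejecting explicitly with `raise tornado.web.HTTPError(403)` makes the authorization failure visible to the caller and to the access log. The admin branch currently just returns without deleting anything or writing a response; a short docstring such as `"""Delete the media item media_id; admin only. Deletion not implemented yet."""` would keep the stub from being mistaken for a working endpoint. The same applies to `UserDeleteHandler.post` in the next hunk.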
@@ -980,6 +990,16 @@ class MediaHandler(BaseHandler):
pass
+class UserDeleteHandler(BaseHandler):
+ @tornado.web.authenticated
+ def post(self, media_id):
+ if self.current_user != 'admin':
+ self.redirect("/media/")
+ return
+
+ return
+
+
class UserEditHandler(BaseHandler):
@tornado.web.authenticated
def get(self, id):
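Review bot: `UserDeleteHandler.post` looks copied from the media handler without being adapted: its argument is still named `media_id` and a refused request is sent to `/media/` rather than the user list. I would change the signature to `def post(self, user_id):` and point the fallback at `"/user/"`, or drop the redirect in favour of a 403. Because the permission check compares `self.current_user` with the literal `'admin'`, the eventual deletion code should probably refuse to remove that account; this is inferred from the check, as the user model is not visible here.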
@@ -1600,6 +1620,7 @@ def main():
(r"/media/play/(.*)", MediaPlayHandler),
(r"/media/bif/(.*)/(.*)", BifPlayHandler),
(r"/media/image/(.*)/(.*)", PosterImageHandler),
+ (r"/media/delete/(.*)", MediaDeleteHandler),
(r"/media/(.*)/(.*)", MediaHandler),
(r"/media/(.*)", MediaHandler),
(r"/tmdb/search/(.*)", SearchTMDBHandler),
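Review bot: The new `/media/delete/(.*)` route, and `/user/delete/(.*)` in the next hunk, are only protected against cross-site POSTs if the Application settings in `main()` enable `xsrf_cookies=True`, and those settings are outside this hunk. Tornado also sets the `_xsrf` cookie only once a handler or template reads `xsrf_token` (for example through `xsrf_form_html()`). If no page does so, `getCookie("_xsrf")` in base.html yields `undefined` and every delete is rejected. Please confirm both, and consider a comment beside the settings such as `# xsrf_cookies must stay enabled: the delete handlers rely on it`.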
@@ -1608,6 +1629,7 @@ def main():
(r"/user/last/(.*)/(.*)", UserLastPositionHandler),
(r"/user/image/(.*)", UserImageHandler),
(r"/user/edit/(.*)", UserEditHandler),
+ (r"/user/delete/(.*)", UserDeleteHandler),
(r"/user/(.*)", UserHandler),
(r"/xml/users", XMLUsersHandler),
(r"/xml/list/(.*)/(.*)", XMLListHandler),
diff --git a/server/hms/templates/base.html b/server/hms/templates/base.html
@@ -35,7 +35,30 @@
{% block script %}
{% end %}
+function getCookie(name) {
+ var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
+ return r ? r[1] : undefined;
+}
+
+jQuery.postJSON = function(url, args, callback) {
+ args._xsrf = getCookie("_xsrf");
+ $.ajax({url: url, data: $.param(args), dataType: "text", type: "POST",
+ success: function(response) {
+ callback(eval("(" + response + ")"));
+ }});
+};
+
$(document).ready(function() {
+ $('.delete').click(function() {
+ if (confirm("Delete this item?"))
+ $.postJSON($(this).attr('href'), function(data) {
+ // Reload the current page...
+ location.reload();
+ return false;
+ });
+ return false;
+ });
+
{% block jquery %}
{% end %}
});
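Review bot: The click handler calls `$.postJSON(url, function)` with two arguments while `jQuery.postJSON` is declared as `(url, args, callback)`, so the function is bound to `args`, `callback` is `undefined`, and the success path throws instead of reloading the page. Passing an empty data object fixes the call: `$.postJSON($(this).attr('href'), {}, function(data) {`. Separately, `callback(eval("(" + response + ")"))` executes whatever the server returns as script. Letting jQuery parse the body as JSON (for example `dataType: "json"`) removes that execution path, and the delete handlers then need to return a JSON body, because an empty response would not parse under `eval` either.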
diff --git a/server/hms/templates/media.html b/server/hms/templates/media.html
@@ -19,7 +19,7 @@
<td>
{% if name == 'admin' %}
<a href="/media/edit/{{item["id"]}}">EDIT</a>
- <a href="/media/delete/{{item["id"]}}">DELETE</a>
+ <a href="/media/delete/{{item["id"]}}" class="delete">DELETE</a>
{% end %}
</td>
</tr>
diff --git a/server/hms/templates/sources.html b/server/hms/templates/sources.html
@@ -35,7 +35,7 @@
{% for source in sources %}
<li>{{ escape(source[1]) }} - {{ escape(source[3]) }}
<a href="/media/import/{{ source[0] }}">Import New Media</a>
- <a href="{{ request.path }}delete/{{ source[0] }}">Delete</a>
+ <a href="{{ request.path }}delete/{{ source[0] }}" class="delete">DELETE</a>
<a href="{{ request.path }}edit/{{ source[0] }}">Edit</a>
</li>
{% end %}
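Review bot: The source DELETE link now issues a POST to `{{ request.path }}delete/{{ source[0] }}`, but the visible hunks add POST handlers and routes only for media and users, not for sources. If the existing source delete code implements only `get`, this link will start failing with 405. If deletion remains reachable by GET, it can still be triggered by a plain cross-site link without the XSRF token. It is worth checking the source handler, which is outside this diff, and moving its delete logic to `post` so the token check covers it.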
diff --git a/server/hms/templates/users.html b/server/hms/templates/users.html
@@ -41,7 +41,7 @@
{% for user in users %}
<li><img src="{{ request.path }}image/{{ user[0]}}" />
{{ escape(user[1]) }} - {{ user[2] }}
- <a href="{{ request.path }}delete/{{ user[0] }}">Delete</a>
+ <a href="{{ request.path }}delete/{{ user[0] }}" class="delete">DELETE</a>
<a href="{{ request.path }}edit/{{ user[0] }}">Edit</a>
</li>
{% end %}