From a59465c9a5fa18be31f5698e07800387d0a8c4ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Sureau?=
Date: Sat, 28 Jan 2012 01:35:04 +0100
Subject: [PATCH] Changed delete feature to only support POST method. Fix #21.
---
 budget/static/css/main.css | 15 ++++++++++-----
 budget/templates/list_bills.html | 10 +++++++---
 budget/tests.py | 10 ++++++++++
 budget/web.py | 6 +++---
 4 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/budget/static/css/main.css b/budget/static/css/main.css
index 0174af2..ebfa67c 100644
--- a/budget/static/css/main.css
+++ b/budget/static/css/main.css
@@ -182,17 +182,22 @@ tr.payer_line .balance-name{
 opacity: 0.6;
 text-align: center;
 }
-.action a, .action a:hover {
- height: 16px;
- padding-left: 20px;
+.action form {
+ margin: 0;
+ padding: 0;
+}
+.action button, .action button:hover {
+ width: auto;
+ margin: 0;
+ padding: 0 0 0 20px;
 }
-.delete a, .delete a:hover {
+.delete button, .delete button:hover {
 background: url('images/deleter.png') left no-repeat;
 color: red;
 }
-.reactivate a, .reactivate a:hover {
+.reactivate button, .reactivate button:hover {
 background: url('images/reactivate.png') left no-repeat;
 color: white;
 }
diff --git a/budget/templates/list_bills.html b/budget/templates/list_bills.html
index b698da6..7d3ff11 100644
--- a/budget/templates/list_bills.html
+++ b/budget/templates/list_bills.html
@@ -27,7 +27,7 @@
 // ask for confirmation before removing an user
 $('.action').each(function(){
 $(this).hide();
- var link = $(this).find('a');
+ var link = $(this).find('button');
 link.click(function(){
 if ($(this).hasClass("confirm")){
 return true;
@@ -83,9 +83,13 @@ {% if balance[member.id] > 0 %}+{% endif %}{{ balance[member.id] }} {% if member.activated %} - {{ _("delete") }} + +
+
{% else %} - {{ _("reactivate") }} + +
+
{% endif %} {% endfor %}
diff --git a/budget/tests.py b/budget/tests.py
index a5022ce..0dcd8a1 100644
--- a/budget/tests.py
+++ b/budget/tests.py
@@ -214,6 +214,16 @@ class BudgetTestCase(TestCase):
 self.assertEqual( len(models.Project.query.get("randomid").active_members), 1)
+ def test_member_delete_method(self):
+ self.post_project("raclette")
+ self.login("raclette")
+
+ # adds a member to this project
+ self.app.post("/raclette/members/add", data={'name': 'alexis' })
+
+ # try to remove the member using GET method
+ response = self.app.get("/raclette/members/1/delete")
+ self.assertEqual(response.status_code, 405)
 def test_demo(self):
 # Test that it is possible to connect automatically by going onto /demo
diff --git a/budget/web.py b/budget/web.py
index 2a3715e..bee07e0 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -185,7 +185,7 @@ def edit_project():
 return render_template("edit_project.html", form=form)
-@main.route("//delete", methods=["GET"])
+@main.route("//delete", methods=["POST"])
 def remove_project():
 g.project.remove_project()
@@ -265,7 +265,7 @@ def add_member():
 return render_template("add_member.html", form=form)
-@main.route("//members//reactivate", methods=["GET",])
+@main.route("//members//reactivate", methods=["POST"])
 def reactivate(member_id):
 person = Person.query.filter(Person.id == member_id)\
 .filter(Project.id == g.project.id).all()
@@ -276,7 +276,7 @@ def reactivate(member_id):
 return redirect(url_for(".list_bills"))
-@main.route("//members//delete", methods=["GET", "POST"])
+@main.route("//members//delete", methods=["POST"])
 def remove_member(member_id):
 member = g.project.remove_member(member_id)
 if member.activated == False:
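Review bot: test_member_delete_method in budget/tests.py only asserts the 405 status for a GET on the member delete route; it never checks that the member is still active afterwards, and the other two routes this commit restricts (remove_project and reactivate in budget/web.py) get no equivalent test. After the GET, add an assertion in the style of the neighbouring test, for example `self.assertEqual(len(models.Project.query.get("raclette").active_members), 1)`, assuming the project id equals the name passed to post_project. A positive case that posts to the same URL and expects the member to be deactivated would also catch a later change that breaks the POST path or re-adds GET.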
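Review bot: None of the three handlers switched to POST-only in budget/web.py (remove_project, reactivate, remove_member) checks a CSRF token in the lines shown, so a cross-site form post sent with the user's session would presumably still be accepted. Dropping GET does stop these state changes from firing on a followed link, a prefetch or a crawler. The form markup added to list_bills.html is not legible in this view, so confirm each form carries a token and that each handler validates it before calling `g.project.remove_project()` or `g.project.remove_member(member_id)`. The bodies of all three functions continue outside their hunks.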
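Review bot: In reactivate, `.filter(Project.id == g.project.id)` constrains the Project table, but nothing in the visible query ties Person to that Project, so the lookup by `Person.id == member_id` may match a member who belongs to another project. If Person carries a foreign key to its project (not shown on this page), filter on that column instead, e.g. `.filter(Person.<project_fk> == g.project.id)`, where `<project_fk>` is a placeholder for the real attribute name. That keeps a logged-in user from reactivating members outside the project they are authenticated for. The query is unchanged context in this commit and the function body continues outside the hunk.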