# HG changeset patch
# User Mads Kiilerich <madski@unity3d.com>
# Date 1470313416 -7200
# Node ID 84c3d3776ab757d4c275b4c198e1cad8c50f7442
# Parent  949d50b31c222647a0a9719cd35d01d1e91adb4e
routing: use POST instead of DELETE for deleting permissions

diff -r 949d50b31c22 -r 84c3d3776ab7 kallithea/config/routing.py
--- a/kallithea/config/routing.py	Thu Aug 04 14:23:36 2016 +0200
+++ b/kallithea/config/routing.py	Thu Aug 04 14:23:36 2016 +0200
@@ -158,9 +158,9 @@
         m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",
                   action="update_perms",
                   conditions=dict(method=["PUT"], function=check_group))
-        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",
+        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",
                   action="delete_perms",
-                  conditions=dict(method=["DELETE"], function=check_group))
+                  conditions=dict(method=["POST"], function=check_group))
 
         m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}",
                   action="delete", conditions=dict(method=["DELETE"],
@@ -243,8 +243,8 @@
                   action="edit_perms", conditions=dict(method=["GET"]))
         m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",
                   action="update_perms", conditions=dict(method=["PUT"]))
-        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",
-                  action="delete_perms", conditions=dict(method=["DELETE"]))
+        m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete",
+                  action="delete_perms", conditions=dict(method=["POST"]))
 
         m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",
                   action="edit_advanced", conditions=dict(method=["GET"]))
@@ -542,9 +542,9 @@
     rmap.connect("edit_repo_perms_update", "/{repo_name:.*?}/settings/permissions",
                  controller='admin/repos', action="edit_permissions_update",
                  conditions=dict(method=["PUT"], function=check_repo))
-    rmap.connect("edit_repo_perms_revoke", "/{repo_name:.*?}/settings/permissions",
+    rmap.connect("edit_repo_perms_revoke", "/{repo_name:.*?}/settings/permissions/delete",
                  controller='admin/repos', action="edit_permissions_revoke",
-                 conditions=dict(method=["DELETE"], function=check_repo))
+                 conditions=dict(method=["POST"], function=check_repo))
 
     rmap.connect("edit_repo_fields", "/{repo_name:.*?}/settings/fields",
                  controller='admin/repos', action="edit_fields",
diff -r 949d50b31c22 -r 84c3d3776ab7 kallithea/public/js/base.js
--- a/kallithea/public/js/base.js	Thu Aug 04 14:23:36 2016 +0200
+++ b/kallithea/public/js/base.js	Thu Aug 04 14:23:36 2016 +0200
@@ -1403,9 +1403,7 @@
     var failure = function (o) {
             alert(_TM['Failed to revoke permission'] + ": " + o.status);
         };
-    var query_params = {
-        '_method': 'delete'
-    }
+    var query_params = {};
     // put extra data into POST
     if (extra_data !== undefined && (typeof extra_data === 'object')){
         for(var k in extra_data){
diff -r 949d50b31c22 -r 84c3d3776ab7 kallithea/templates/admin/repo_groups/repo_group_edit_perms.html
--- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html	Thu Aug 04 14:23:36 2016 +0200
+++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html	Thu Aug 04 14:23:36 2016 +0200
@@ -120,7 +120,7 @@
 
 <script type="text/javascript">
     function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {
-        url = "${h.url('edit_repo_group_perms', group_name=c.repo_group.group_name)}";
+        url = "${h.url('edit_repo_group_perms_delete', group_name=c.repo_group.group_name)}";
         var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);
         if (confirm(revoke_msg)){
             var recursive = $('input[name=recursive]:checked').val();
diff -r 949d50b31c22 -r 84c3d3776ab7 kallithea/templates/admin/user_groups/user_group_edit_perms.html
--- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html	Thu Aug 04 14:23:36 2016 +0200
+++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html	Thu Aug 04 14:23:36 2016 +0200
@@ -110,7 +110,7 @@
 
 <script type="text/javascript">
     function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {
-        url = "${h.url('edit_user_group_perms', id=c.user_group.users_group_id)}";
+        url = "${h.url('edit_user_group_perms_delete', id=c.user_group.users_group_id)}";
         var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);
         if (confirm(revoke_msg)){
             ajaxActionRevokePermission(url, obj_id, obj_type, field_id);