Mercurial > kallithea
changeset 6078:84c3d3776ab7
routing: use POST instead of DELETE for deleting permissions
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Thu, 04 Aug 2016 14:23:36 +0200 |
parents | 949d50b31c22 |
children | e701b312989c |
files | kallithea/config/routing.py kallithea/public/js/base.js kallithea/templates/admin/repo_groups/repo_group_edit_perms.html kallithea/templates/admin/user_groups/user_group_edit_perms.html |
diffstat | 4 files changed, 9 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/config/routing.py Thu Aug 04 14:23:36 2016 +0200 +++ b/kallithea/config/routing.py Thu Aug 04 14:23:36 2016 +0200 @@ -158,9 +158,9 @@ m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions", action="update_perms", conditions=dict(method=["PUT"], function=check_group)) - m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions", + m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete", action="delete_perms", - conditions=dict(method=["DELETE"], function=check_group)) + conditions=dict(method=["POST"], function=check_group)) m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}", action="delete", conditions=dict(method=["DELETE"], @@ -243,8 +243,8 @@ action="edit_perms", conditions=dict(method=["GET"])) m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms", action="update_perms", conditions=dict(method=["PUT"])) - m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms", - action="delete_perms", conditions=dict(method=["DELETE"])) + m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete", + action="delete_perms", conditions=dict(method=["POST"])) m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced", action="edit_advanced", conditions=dict(method=["GET"])) @@ -542,9 +542,9 @@ rmap.connect("edit_repo_perms_update", "/{repo_name:.*?}/settings/permissions", controller='admin/repos', action="edit_permissions_update", conditions=dict(method=["PUT"], function=check_repo)) - rmap.connect("edit_repo_perms_revoke", "/{repo_name:.*?}/settings/permissions", + rmap.connect("edit_repo_perms_revoke", "/{repo_name:.*?}/settings/permissions/delete", controller='admin/repos', action="edit_permissions_revoke", - conditions=dict(method=["DELETE"], function=check_repo)) + conditions=dict(method=["POST"], function=check_repo)) rmap.connect("edit_repo_fields", "/{repo_name:.*?}/settings/fields", controller='admin/repos', action="edit_fields",
--- a/kallithea/public/js/base.js Thu Aug 04 14:23:36 2016 +0200 +++ b/kallithea/public/js/base.js Thu Aug 04 14:23:36 2016 +0200 @@ -1403,9 +1403,7 @@ var failure = function (o) { alert(_TM['Failed to revoke permission'] + ": " + o.status); }; - var query_params = { - '_method': 'delete' - } + var query_params = {}; // put extra data into POST if (extra_data !== undefined && (typeof extra_data === 'object')){ for(var k in extra_data){
--- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Thu Aug 04 14:23:36 2016 +0200 +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Thu Aug 04 14:23:36 2016 +0200 @@ -120,7 +120,7 @@ <script type="text/javascript"> function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) { - url = "${h.url('edit_repo_group_perms', group_name=c.repo_group.group_name)}"; + url = "${h.url('edit_repo_group_perms_delete', group_name=c.repo_group.group_name)}"; var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name); if (confirm(revoke_msg)){ var recursive = $('input[name=recursive]:checked').val();
--- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html Thu Aug 04 14:23:36 2016 +0200 +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html Thu Aug 04 14:23:36 2016 +0200 @@ -110,7 +110,7 @@ <script type="text/javascript"> function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) { - url = "${h.url('edit_user_group_perms', id=c.user_group.users_group_id)}"; + url = "${h.url('edit_user_group_perms_delete', id=c.user_group.users_group_id)}"; var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name); if (confirm(revoke_msg)){ ajaxActionRevokePermission(url, obj_id, obj_type, field_id);