Another simple one – this time a DeleteView
from delete_object
.
Before:
@permission_required('b2c.delete_b2ctrack') def delete_track(request,id): track = get_object_or_404(B2CTrack, pk=id) if track.allow_delete: return delete_object(request, model=B2CTrack, object_id=id, post_delete_redirect=reverse('track_list'), template_name='track_confirm_delete.html') else: return HttpResponseRedirect(reverse('track_view', kwargs = {'pk':id} ))
After:
class TrackDeleteView(DeleteView): template_name = 'track_confirm_delete.html' model = B2CTrack def get_success_url(self): return reverse('track_list') ## Override dispatch to apply the permission decorator @method_decorator(permission_required('b2c.delete_b2ctrack')) def dispatch(self, request, *args, **kwargs): return super(TrackDeleteView, self).dispatch(request, *args, **kwargs) ## Only return object if the allow_delete property is True def get_object(self, *args, **kwargs): object = super(TrackDeleteView,self).get_object(*args, **kwargs) if object.allow_delete: return object else: raise Http404
The old code would redirect back to the view for the same object if the allow_delete
property was false. (allow_delete is a property I use on my models to check for dependent DB entries) Since one has to monkey with the URL to even attempt a delete of an object that isn’t allowed, I decided a 404 was more appropriate. Lesson for the User: Don’t Monkey with URLs!!
Comments are closed.