Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip to select GET or POST for actions #168

Merged
merged 2 commits into from
Sep 9, 2024
Merged

wip to select GET or POST for actions #168

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
11034e0
Action settings to controll allowed methods and display element
SupraSummus Mar 5, 2024
adab589
Merge branch 'crccheck:master' into post-actions-v2
SupraSummus Jun 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions django_object_actions/templates/django_object_actions/action_trigger.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{% load add_preserved_filters from admin_urls %}

{% if tool.button_type == 'a' %}
<a href="{% add_preserved_filters action_url %}"
title="{{ tool.standard_attrs.title }}"
{% for k, v in tool.custom_attrs.items %}
{{ k }}="{{ v }}"
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to look into if we need to make sure the html is safe (will be one of the things I experiment with)

Suggested change
{{ k }}="{{ v }}"
{{ k }}="{{ v|escape }}"

https://docs.djangoproject.com/el/4.2/ref/templates/builtins/#escape

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

version before had this line without escape, here: https://github.com/crccheck/django-object-actions/pull/168/files#diff-7b01c579f97b840216ab2dc0fb68a59712317af56efac2504ed9edcf021480baL10

{% endfor %}
class="{{ tool.standard_attrs.class }}"
>{{ tool.label|capfirst }}</a>
{% elif tool.button_type == 'form' %}
<form method="post" action="{% add_preserved_filters action_url %}">
{% csrf_token %}
<a href="#" onclick="this.parentNode.submit(); return false;"
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really doubt Django has styling for anything other than the <a> but it would be nice to use <button> or <input type=submit> and not need the JavaScript.

title="{{ tool.standard_attrs.title }}"
{% for k, v in tool.custom_attrs.items %}
{{ k }}="{{ v }}"
{% endfor %}
class="{{ tool.standard_attrs.class }}"
>{{ tool.label|capfirst }}</a>
</form>
{% endif %}
9 changes: 1 addition & 8 deletions django_object_actions/templates/django_object_actions/change_form.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,10 @@
{% extends "admin/change_form.html" %}
{% load add_preserved_filters from admin_urls %}

{% block object-tools-items %}
{% for tool in objectactions %}
<li class="objectaction-item" data-tool-name="{{ tool.name }}">
{% url tools_view_name pk=object_id tool=tool.name as action_url %}
<a href="{% add_preserved_filters action_url %}" title="{{ tool.standard_attrs.title }}"
{% for k, v in tool.custom_attrs.items %}
{{ k }}="{{ v }}"
{% endfor %}
class="{{ tool.standard_attrs.class }}">
{{ tool.label|capfirst }}
</a>
{% include 'django_object_actions/action_trigger.html' %}
</li>
{% endfor %}
{{ block.super }}
Expand Down
9 changes: 1 addition & 8 deletions django_object_actions/templates/django_object_actions/change_list.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,10 @@
{% extends "admin/change_list.html" %}
{% load add_preserved_filters from admin_urls %}

{% block object-tools-items %}
{% for tool in objectactions %}
<li class="objectaction-item" data-tool-name="{{ tool.name }}">
{% url tools_view_name tool=tool.name as action_url %}
<a href="{% add_preserved_filters action_url %}" title="{{ tool.standard_attrs.title }}"
{% for k, v in tool.custom_attrs.items %}
{{ k }}="{{ v }}"
{% endfor %}
class="{{ tool.standard_attrs.class }}">
{{ tool.label|capfirst }}
</a>
{% include 'django_object_actions/action_trigger.html' %}
</li>
{% endfor %}
{{ block.super }}
Expand Down
17 changes: 11 additions & 6 deletions django_object_actions/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
from django.contrib.admin.utils import unquote
from django.db.models.query import QuerySet
from django.http import Http404, HttpResponseRedirect
from django.http.response import HttpResponseBase
from django.http.response import HttpResponseBase, HttpResponseNotAllowed
from django.views.generic import View
from django.views.generic.detail import SingleObjectMixin
from django.views.generic.list import MultipleObjectMixin
Expand Down Expand Up @@ -159,6 +159,7 @@ def _get_tool_dict(self, tool_name):
label=getattr(tool, "label", tool_name.replace("_", " ").capitalize()),
standard_attrs=standard_attrs,
custom_attrs=custom_attrs,
button_type=tool.button_type,
)

def _get_button_attrs(self, tool):
Expand Down Expand Up @@ -238,7 +239,7 @@ def back_url(self):
"""
raise NotImplementedError

def get(self, request, tool, **kwargs):
def dispatch(self, request, tool, **kwargs):
# Fix for case if there are special symbols in object pk
for k, v in self.kwargs.items():
self.kwargs[k] = unquote(v)
Expand All @@ -248,15 +249,15 @@ def get(self, request, tool, **kwargs):
except KeyError:
raise Http404("Action does not exist")

if request.method not in view.methods:
return HttpResponseNotAllowed(view.methods)

ret = view(request, *self.view_args)
if isinstance(ret, HttpResponseBase):
return ret

return HttpResponseRedirect(self.back_url)

# HACK to allow POST requests too
post = get
Comment on lines -257 to -258
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, getting rid of a HACK


def message_user(self, request, message):
"""
Mimic Django admin actions's `message_user`.
Expand Down Expand Up @@ -314,7 +315,9 @@ def decorated_function(self, request, queryset):


def action(
function=None, *, permissions=None, description=None, label=None, attrs=None
function=None, *, permissions=None, description=None, label=None, attrs=None,
methods=('GET', 'POST'),
button_type='a',
):
"""
Conveniently add attributes to an action function:
Expand Down Expand Up @@ -349,6 +352,8 @@ def decorator(func):
func.label = label
if attrs is not None:
func.attrs = attrs
func.methods = methods
func.button_type = button_type
return func

if function is None:
Expand Down
Loading