Upgrade to current (1.6.0) classic template query.edit.html.

rouilj · rouilj · commit 72636a745af7 · 2017-09-24T19:05:56.000-04:00
diff --git a/website/issues/html/query.edit.html b/website/issues/html/query.edit.html
@@ -1,20 +1,51 @@
+<!-- dollarId: user.item,v 1.7 2002/08/16 04:29:04 richard Exp dollar-->
 <tal:block metal:use-macro="templates/page/macros/icing">
 <title metal:fill-slot="head_title" i18n:translate=""
  >"Your Queries" Editing - <span tal:replace="config/TRACKER_NAME"
  i18n:name="tracker" /></title>
 <span metal:fill-slot="body_title" tal:omit-tag="python:1"
  i18n:translate="">"Your Queries" Editing</span>
 
-<td class="content" metal:fill-slot="content">
+<td class="content" metal:fill-slot="content"
+    tal:define="anti_csrf_this_page python:utils.anti_csrf_nonce()" >
 
 <span tal:condition="not:context/is_edit_ok"
  i18n:translate="">You are not allowed to edit queries.</span>
 
-<script language="javascript">
-// This exists solely because I can't figure how to get the & into an
-// attributes TALES expression, and so it keeps getting quoted.
-function retire(qid) {
-    window.location = 'query'+qid+'?@action=retire&@template=edit';
+<script tal:attributes="nonce request/client/client_nonce"
+	language="javascript">
+// This allows us to make the delete button an immediate action.
+// The post_to_url function comes from:
+//    http://stackoverflow.com/questions/133925/javascript-post-request-like-a-form-submit
+function retire(qid, csrf) {
+    post_to_url('query'+qid, {'@action': 'retire', '@template':'edit',
+                '@csrf': csrf});
+}
+
+function restore(qid, csrf) {
+    post_to_url('query'+qid, {'@action': 'restore', '@template': 'edit',
+                '@csrf': csrf});
+}
+function post_to_url(path, params, method) {
+    method = method || "post"; // Set method to post by default if not specified.
+
+    var form = document.createElement("form");
+    form.setAttribute("method", method);
+    form.setAttribute("action", path);
+
+    for(var key in params) {
+        if(params.hasOwnProperty(key)) {
+            var hiddenField = document.createElement("input");
+            hiddenField.setAttribute("type", "hidden");
+            hiddenField.setAttribute("name", key);
+            hiddenField.setAttribute("value", params[key]);
+
+            form.appendChild(hiddenField);
+         }
+    }
+
+    document.body.appendChild(form);
+    form.submit();
 }
 </script>
 
@@ -28,12 +59,15 @@
     <th i18n:translate="">Include in "Your Queries"</th>
     <th i18n:translate="">Edit</th>
     <th i18n:translate="">Private to you?</th>
-    <th>&nbsp;</th>
+    <th i18n:translate="">delete/restore<br> (javascript<br>required)</th>
+</tr>
+<tr>
+ <td colspan="5"><b i18n:translate="">Queries I created</b></td>
 </tr>
 
-<tr tal:repeat="query mine">
- <tal:block condition="query/is_retired">
-
+<tr tal:define="queries python:db.query.filter(filterspec={'creator': uid})"
+    tal:repeat="query queries">
+ <tal:block>
  <td><a tal:attributes="href string:${query/klass}?${query/url}"
         tal:content="query/name">query</a></td>
 
@@ -50,54 +84,87 @@
   </select>
  </td>
 
- <td colspan="3" i18n:translate="">[query is retired]</td>
-
- <!-- <td> maybe offer "restore" some day </td> -->
- </tal:block>
-</tr>
-
-<tr tal:define="queries python:db.query.filter(filterspec={'private_for':uid})"
-     tal:repeat="query queries">
- <td><a tal:attributes="href string:${query/klass}?${query/url}"
-        tal:content="query/name">query</a></td>
-
- <td metal:use-macro="template/macros/include" />
-
  <td><a tal:attributes="href string:query${query/id}" i18n:translate="">edit</a></td>
 
  <td>
   <select tal:attributes="name string:query${query/id}@private_for">
    <option tal:attributes="selected python:query.private_for == uid;
            value uid" i18n:translate="">yes</option>
-   <option tal:attributes="selected python:query.private_for == None"
+   <option tal:attributes="selected python:not query.private_for"
            value="-1" i18n:translate="">no</option>
   </select>
  </td>
 
  <td>
   <input type="button" value="Delete" i18n:attributes="value"
-  tal:attributes="onClick python:'''retire('%s')'''%query.id">
+  tal:attributes="onClick python:'''retire('%s','%s')'''%(query.id,anti_csrf_this_page)">
   </td>
+  </tal:block>
+</tr>
+<tr>
+ <td colspan="4"><b i18n:translate="">Queries others created</b></td>
+ <td colspan="4"><b i18n:translate="">Owner</b></td>
 </tr>
 
-<tr tal:define="queries python:db.query.filter(filterspec={'private_for':None})"
+<tr tal:define="queries
+		python:db.query.filter(filterspec={'private_for': None})"
      tal:repeat="query queries">
+ <tal:block tal:condition="python:not query.creator == uid">
  <td><a tal:attributes="href string:${query/klass}?${query/url}"
         tal:content="query/name">query</a></td>
 
  <td metal:use-macro="template/macros/include" />
 
- <td colspan="3" tal:condition="query/is_edit_ok">
-  <a tal:attributes="href string:query${query/id}" i18n:translate="">edit</a>
- </td>
- <td tal:condition="not:query/is_edit_ok" colspan="3"
+ <td colspan="2" tal:condition="not:query/is_edit_ok"
     i18n:translate="">[not yours to edit]</td>
-
+ <td colspan="2" tal:condition="query/is_edit_ok"
+    i18n:translate=""><a tal:attributes="href string:query${query/id}" i18n:translate="">edit</a></td>
+ <td colspan="2"
+    tal:content="query/creator" i18n:translate="">put query owner here</td>
+ </tal:block>
 </tr>
 
+<tr>
+ <td colspan="5"><b i18n:translate="">Active retired/private queries</b></td>
+</tr>
+<tal:block tal:repeat="query request/user/queries">
+<tr>
+ <tal:block condition="python:path('query/is_retired')">
+ <td><a tal:attributes="href string:${query/klass}?${query/url}"
+        tal:content="query/name">query</a></td>
+ <tal:block tal:condition="python: not query.creator == uid">
+    <td metal:use-macro="template/macros/include"> </td>
+ </tal:block>
+ <td colspan="2" tal:condition="python: not query.creator == uid" i18n:translate="">[query is retired]</td>
+ <td colspan="3" tal:condition="python:  query.creator == uid" i18n:translate="">[query is retired]</td>
+ <td tal:condition="python:query.creator == uid">
+  <input type="button" value="Restore" i18n:attributes="value"
+  tal:attributes="onClick python:'''restore('%s','%s')'''%(query.id,anti_csrf_this_page)">
+  </td>
+ <td colspan="1" tal:condition="python:not query.creator == uid" tal:content="query/creator" i18n:translate="">put query owner here</td>
+ </tal:block>
+</tr>
+<tr>
+ <tal:block condition="python:path('query/private_for') and (not query.creator == uid)">
+ <td><a tal:attributes="href string:${query/klass}?${query/url}"
+        tal:content="query/name">query</a></td>
+ <tal:block tal:condition="python: not query.creator == uid">
+    <td metal:use-macro="template/macros/include"> </td>
+ </tal:block>
+ <td colspan="2" i18n:translate="">[query is private]</td>
+ <td tal:condition="python:query.creator == uid">
+  <input type="button" value="Restore" i18n:attributes="value"
+  tal:attributes="onClick python:'''restore('%s','%s')'''%(query.id,anti_csrf_this_page)">
+   </td>
+ <td colspan="1" tal:content="query/creator" i18n:translate="">put query owner here</td>
+ </tal:block>
+</tr>
+</tal:block>
 <tr><td colspan="5">
    <input type="hidden" name="@action" value="edit">
    <input type="hidden" name="@template" value="edit">
+   <input name="@csrf" type="hidden"
+          tal:attributes="value anti_csrf_this_page">
    <input type="submit" value="Save Selection" i18n:attributes="value">
 </td></tr>
 
