- 
                Notifications
    You must be signed in to change notification settings 
- Fork 84
wip to select GET or POST for actions #168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | 
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| {% load add_preserved_filters from admin_urls %} | ||
|  | ||
| {% if tool.button_type == 'a' %} | ||
| <a href="{% add_preserved_filters action_url %}" | ||
| title="{{ tool.standard_attrs.title }}" | ||
| {% for k, v in tool.custom_attrs.items %} | ||
| {{ k }}="{{ v }}" | ||
| {% endfor %} | ||
| class="{{ tool.standard_attrs.class }}" | ||
| >{{ tool.label|capfirst }}</a> | ||
| {% elif tool.button_type == 'form' %} | ||
| <form method="post" action="{% add_preserved_filters action_url %}"> | ||
| {% csrf_token %} | ||
| <a href="#" onclick="this.parentNode.submit(); return false;" | ||
| There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I really doubt Django has styling for anything other than the  | ||
| title="{{ tool.standard_attrs.title }}" | ||
| {% for k, v in tool.custom_attrs.items %} | ||
| {{ k }}="{{ v }}" | ||
| {% endfor %} | ||
| class="{{ tool.standard_attrs.class }}" | ||
| >{{ tool.label|capfirst }}</a> | ||
| </form> | ||
| {% endif %} | ||
| Original file line number | Diff line number | Diff line change | 
|---|---|---|
|  | @@ -5,7 +5,7 @@ | |
| from django.contrib.admin.utils import unquote | ||
| from django.db.models.query import QuerySet | ||
| from django.http import Http404, HttpResponseRedirect | ||
| from django.http.response import HttpResponseBase | ||
| from django.http.response import HttpResponseBase, HttpResponseNotAllowed | ||
| from django.views.generic import View | ||
| from django.views.generic.detail import SingleObjectMixin | ||
| from django.views.generic.list import MultipleObjectMixin | ||
|  | @@ -159,6 +159,7 @@ def _get_tool_dict(self, tool_name): | |
| label=getattr(tool, "label", tool_name.replace("_", " ").capitalize()), | ||
| standard_attrs=standard_attrs, | ||
| custom_attrs=custom_attrs, | ||
| button_type=tool.button_type, | ||
| ) | ||
|  | ||
| def _get_button_attrs(self, tool): | ||
|  | @@ -238,7 +239,7 @@ def back_url(self): | |
| """ | ||
| raise NotImplementedError | ||
|  | ||
| def get(self, request, tool, **kwargs): | ||
| def dispatch(self, request, tool, **kwargs): | ||
| # Fix for case if there are special symbols in object pk | ||
| for k, v in self.kwargs.items(): | ||
| self.kwargs[k] = unquote(v) | ||
|  | @@ -248,15 +249,15 @@ def get(self, request, tool, **kwargs): | |
| except KeyError: | ||
| raise Http404("Action does not exist") | ||
|  | ||
| if request.method not in view.methods: | ||
| return HttpResponseNotAllowed(view.methods) | ||
|  | ||
| ret = view(request, *self.view_args) | ||
| if isinstance(ret, HttpResponseBase): | ||
| return ret | ||
|  | ||
| return HttpResponseRedirect(self.back_url) | ||
|  | ||
| # HACK to allow POST requests too | ||
| post = get | ||
| 
      Comment on lines
    
      -257
     to 
      -258
    
   There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nice, getting rid of a HACK | ||
|  | ||
| def message_user(self, request, message): | ||
| """ | ||
| Mimic Django admin actions's `message_user`. | ||
|  | @@ -314,7 +315,9 @@ def decorated_function(self, request, queryset): | |
|  | ||
|  | ||
| def action( | ||
| function=None, *, permissions=None, description=None, label=None, attrs=None | ||
| function=None, *, permissions=None, description=None, label=None, attrs=None, | ||
| methods=('GET', 'POST'), | ||
| button_type='a', | ||
| ): | ||
| """ | ||
| Conveniently add attributes to an action function: | ||
|  | @@ -349,6 +352,8 @@ def decorator(func): | |
| func.label = label | ||
| if attrs is not None: | ||
| func.attrs = attrs | ||
| func.methods = methods | ||
| func.button_type = button_type | ||
| return func | ||
|  | ||
| if function is None: | ||
|  | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
need to look into if we need to make sure the html is safe (will be one of the things I experiment with)
https://docs.djangoproject.com/el/4.2/ref/templates/builtins/#escape
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
version before had this line without escape, here: https://github.com/crccheck/django-object-actions/pull/168/files#diff-7b01c579f97b840216ab2dc0fb68a59712317af56efac2504ed9edcf021480baL10