Use the request module for dashboard deletions

2024-02-07 12:30:08 -05:00 · 2024-02-07 12:30:08 -05:00 · 2af7705d4c
commit 2af7705d4c
parent d4b380aa5f
2 changed files with 45 additions and 19 deletions
--- a/umap/templates/umap/map_table.html
+++ b/umap/templates/umap/map_table.html
@ -114,29 +114,18 @@
    </span>
  </div>
 {% endif %}
-<script type="text/javascript">
+<script type="module">
  !(function () {
    for (const deleteLink of document.querySelectorAll("table.maps a[href$='delete/']")) {
-      deleteLink.addEventListener('click', (event) => {
+      deleteLink.addEventListener('click', async (event) => {
        event.preventDefault()
-        const token = document.cookie.replace(
-          /(?:(?:^|.*;\s*)csrftoken\s*\=\s*([^;]*).*$)|^.*$/,
-          '$1'
-        )
+        const ui = new L.U.UI(document.querySelector('header'))
+        const server = new window.umap.ServerRequest(ui)
        if (confirm(L._('Are you sure you want to delete this map?'))) {
-          fetch(deleteLink.href, {
-            method: 'POST',
-            headers: {
-              'X-CSRFToken': token
-            },
-          })
-            .then((response) => {
+          const [data, response, error] = await server.post(deleteLink.href)
          if (response.ok) {
            window.location.reload()
          }
-              throw response
-            })
-            .catch((error) => console.debug(error))
        }
      })
    }
--- a/umap/tests/integration/test_dashboard.py
+++ b/umap/tests/integration/test_dashboard.py
@ -0,0 +1,37 @@
+from time import sleep
+
+import pytest
+from playwright.sync_api import expect
+
+from umap.models import Map
+
+pytestmark = pytest.mark.django_db
+
+
+@pytest.fixture
+def login(context, settings, live_server):
+    def do_login(user):
+        # TODO use storage state to do login only once per session
+        # https://playwright.dev/python/docs/auth
+        settings.ENABLE_ACCOUNT_LOGIN = True
+        page = context.new_page()
+        page.goto(f"{live_server.url}/en/")
+        page.locator(".login").click()
+        page.get_by_placeholder("Username").fill(user.username)
+        page.get_by_placeholder("Password").fill("123123")
+        page.locator('#login_form input[type="submit"]').click()
+        sleep(1)  # Time for ajax login POST to proceed
+        return page
+
+    return do_login
+
+
+def test_owner_can_delete_map_after_confirmation(map, live_server, login):
+    page = login(map.owner)
+    page.goto(f"{live_server.url}/en/me")
+    delete_button = page.get_by_title("Delete")
+    expect(delete_button).to_be_visible()
+    page.on("dialog", lambda dialog: dialog.accept())
+    with page.expect_response(f"/map/{map.pk}/update/delete/"):
+        delete_button.click()
+    assert Map.objects.all().count() == 0