Make shelves delete-able

bookwyrm/templates/snippets/shelf.html

@@ -76,5 +76,15 @@
 </table>
 {% else %}
 <p>This shelf is empty.</p>
+{% if shelf.editable %}
+<form name="delete-shelf" action="/delete-shelf/{{ shelf.id }}" method="post">
+    {% csrf_token %}
+    <input type="hidden" name="user" value="{{ request.user.id }}">
+    <button class="button is-danger is-light" type="submit">
+        Delete shelf
+    </button>
+</form>
+{% endif %}
+
 {% endif %}
 

bookwyrm/urls.py

@@ -122,6 +122,7 @@ urlpatterns = [
 
     re_path(r'^create-shelf/?$', actions.create_shelf),
     re_path(r'^edit-shelf/(?P<shelf_id>\d+)?$', actions.edit_shelf),
+    re_path(r'^delete-shelf/(?P<shelf_id>\d+)?$', actions.delete_shelf),
     re_path(r'^shelve/?$', actions.shelve),
     re_path(r'^unshelve/?$', actions.unshelve),
     re_path(r'^start-reading/?$', actions.start_reading),

bookwyrm/view_actions.py

@@ -288,6 +288,8 @@ def create_shelf(request):
 def edit_shelf(request, shelf_id):
     ''' user generated shelves '''
     shelf = get_object_or_404(models.Shelf, id=shelf_id)
+    if request.user != shelf.user:
+        return HttpResponseBadRequest()
 
     form = forms.ShelfForm(request.POST, instance=shelf)
     if not form.is_valid():
@@ -297,6 +299,17 @@ def edit_shelf(request, shelf_id):
             (request.user.localname, shelf.identifier))
 
 
+@login_required
+def delete_shelf(request, shelf_id):
+    ''' user generated shelves '''
+    shelf = get_object_or_404(models.Shelf, id=shelf_id)
+    if request.user != shelf.user or not shelf.editable:
+        return HttpResponseBadRequest()
+
+    shelf.delete()
+    return redirect('/user/%s/shelves' % request.user.localname)
+
+
 @login_required
 def shelve(request):
     ''' put a  on a user's shelf '''