diff --git a/bookwyrm/templates/snippets/shelf.html b/bookwyrm/templates/snippets/shelf.html
index 1ca5ed60..2df8b024 100644
--- a/bookwyrm/templates/snippets/shelf.html
+++ b/bookwyrm/templates/snippets/shelf.html
@@ -76,5 +76,15 @@ {% else %}

This shelf is empty.

+{% if shelf.editable %} +
+ {% csrf_token %} + + +
+{% endif %} + {% endif %}
diff --git a/bookwyrm/urls.py b/bookwyrm/urls.py
index d55c6f61..1627bb78 100644
--- a/bookwyrm/urls.py
+++ b/bookwyrm/urls.py
@@ -122,6 +122,7 @@ urlpatterns = [
 re_path(r'^create-shelf/?$', actions.create_shelf),
 re_path(r'^edit-shelf/(?P\d+)?$', actions.edit_shelf),
+ re_path(r'^delete-shelf/(?P\d+)?$', actions.delete_shelf),
 re_path(r'^shelve/?$', actions.shelve),
 re_path(r'^unshelve/?$', actions.unshelve),
 re_path(r'^start-reading/?$', actions.start_reading),
diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py
index 518aa271..0056dbae 100644
--- a/bookwyrm/view_actions.py
+++ b/bookwyrm/view_actions.py
@@ -288,6 +288,8 @@ def create_shelf(request):
 def edit_shelf(request, shelf_id):
 ''' user generated shelves '''
 shelf = get_object_or_404(models.Shelf, id=shelf_id)
+ if request.user != shelf.user:
+ return HttpResponseBadRequest()
 form = forms.ShelfForm(request.POST, instance=shelf)
 if not form.is_valid():
@@ -297,6 +299,17 @@ def edit_shelf(request, shelf_id):
 (request.user.localname, shelf.identifier))
+@login_required
+def delete_shelf(request, shelf_id):
+ ''' user generated shelves '''
+ shelf = get_object_or_404(models.Shelf, id=shelf_id)
+ if request.user != shelf.user or not shelf.editable:
+ return HttpResponseBadRequest()
+
+ shelf.delete()
+ return redirect('/user/%s/shelves' % request.user.localname)
+
+
+
 @login_required
 def shelve(request):
 ''' put a on a user's shelf '''
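Review bot: The id group in the new `delete-shelf` route is optional because of the `?` that follows it, so a request to `/delete-shelf/` with no id still resolves to `actions.delete_shelf`, presumably with `shelf_id=None`. For a destructive endpoint the id should be mandatory, so that a malformed URL fails at routing rather than inside the view. Dropping that `?` and ending the pattern with `/?$`, as the neighbouring `shelve` and `unshelve` routes do, would achieve this. As rendered here the pattern reads `(?P\d+)` with no group name, which looks like an extraction artefact rather than the committed text.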
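Review bot: The ownership check added to `edit_shelf` answers a logged-in non-owner with `HttpResponseBadRequest()` (400), which reports an authorization failure as a malformed request and makes denied access hard to pick out in logs. `return HttpResponseForbidden()` or `raise PermissionDenied` (both Django built-ins, to be imported if the module lacks them) states the outcome correctly. The check also omits the `shelf.editable` test that `delete_shelf` applies in the next hunk, so an owner can presumably still edit a shelf marked non-editable; if that is unintended, use `if request.user != shelf.user or not shelf.editable:` here as well. Because `get_object_or_404` runs before the check, a 404 versus a 400 also tells any authenticated user whether a given shelf id exists. The function's decorators and the rest of its body lie outside the hunk.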
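Review bot: `delete_shelf` is decorated only with `@login_required`, so as far as this hunk shows it deletes the shelf on any HTTP method, including GET. Django's CSRF middleware validates only unsafe methods, so the `{% csrf_token %}` in the template form does not cover a GET to this route, and any cross-site request made by a logged-in owner's browser would remove the shelf. Add `@require_POST` (from `django.views.decorators.http`) beneath `@login_required`, or start the body with `if request.method != 'POST': return HttpResponseNotAllowed(['POST'])`. The docstring is copied from `edit_shelf`; something like `''' delete a user-created shelf '''` would describe this view.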