From 0378bf6c7ce650e615f9604ba087131ef6a2afcc Mon Sep 17 00:00:00 2001
From: Kumi <git@kumi.email>
Date: Wed, 27 Mar 2024 09:34:53 +0100
Subject: [PATCH] feat: add category update and delete functionality

Introduced CategoryUpdateView and CategoryDeleteView to enable category
editing and deletion. Updated category template links to use Django's
URL template tags for safer URL resolution. Added a new template for
generic deletes, enhancing user feedback during deletion operations.
This improvement allows for more dynamic and secure category management,
aligning with the app's need for scalable user permissions and actions.

These changes not only make the URL handling more robust and
Django-native but also improve the user experience by providing clear
pathways for category management tasks, ensuring that only authorized
users can perform sensitive actions.
---
 .../users/templates/users/category.html       |  4 +-
 .../users/templates/users/generic_delete.html | 24 ++++++++++
 quackscape/users/urls.py                      | 44 ++++++++++++++-----
 quackscape/users/views.py                     | 37 ++++++++++++++++
 4 files changed, 97 insertions(+), 12 deletions(-)
 create mode 100644 quackscape/users/templates/users/generic_delete.html

diff --git a/quackscape/users/templates/users/category.html b/quackscape/users/templates/users/category.html
index 41497e6..23cc7f7 100644
--- a/quackscape/users/templates/users/category.html
+++ b/quackscape/users/templates/users/category.html
@@ -6,10 +6,10 @@
   {% endif %}
   {% if request.user.is_superuser or request.user == category.owner %}
   <div>
-    <a href="/tours/category/{{ category.id }}/edit/" class="btn btn-primary"
+    <a href="{% url "quackscape.users:category-update" category.id %}" class="btn btn-primary"
       >Edit category</a
     >
-    <a href="/tours/category/{{ category.id }}/delete/" class="btn btn-danger"
+    <a href="{% url "quackscape.users:category-delete" category.id %}" class="btn btn-danger"
       >Delete category</a
     >
   </div>
diff --git a/quackscape/users/templates/users/generic_delete.html b/quackscape/users/templates/users/generic_delete.html
new file mode 100644
index 0000000..0301f82
--- /dev/null
+++ b/quackscape/users/templates/users/generic_delete.html
@@ -0,0 +1,24 @@
+{% extends "users/base.html" %}
+{% load crispy_forms_tags %}
+
+{% block content %}
+<div class="container mt-5">
+  <div class="row justify-content-center">
+    <div class="col-md-6">
+      <div class="card">
+        <div class="card-header">
+          <h4 class="mb-0">{{ title }}</h4>
+        </div>
+        <div class="card-body">
+          <form method="post">
+            {% csrf_token %}
+            <p>Are you sure you want to delete {{ object }}?</p>
+            <a href="{% url 'quackscape.users:categories' %}" class="btn btn-secondary">Cancel</a>
+            <button type="submit" class="btn btn-danger">Delete</button>
+          </form>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}
diff --git a/quackscape/users/urls.py b/quackscape/users/urls.py
index 0fdfe45..2285273 100644
--- a/quackscape/users/urls.py
+++ b/quackscape/users/urls.py
@@ -1,15 +1,39 @@
-from .views import UserAreaMainView, CategoriesView, CategoryView, FileUploadView, Login, Logout, CategoryCreateView
+from .views import (
+    UserAreaMainView,
+    CategoriesView,
+    CategoryView,
+    FileUploadView,
+    Login,
+    Logout,
+    CategoryCreateView,
+    CategoryDeleteView,
+    CategoryUpdateView,
+)
 
 from django.urls import path
 
-app_name = 'quackscape.users'
+app_name = "quackscape.users"
 
 urlpatterns = [
-    path('', UserAreaMainView.as_view(), name='user-area-main'),
-    path('categories/', CategoriesView.as_view(), name='categories'),
-    path('category/create/', CategoryCreateView.as_view(), name='category-create'),
-    path('category/<uuid:category>/', CategoryView.as_view(), name='category'),
-    path('category/<uuid:category>/upload/', FileUploadView.as_view(), name='media-upload'),
-    path('login/',  Login.as_view(), name='login'),
-    path('logout/', Logout.as_view(), name='logout'),
-]
\ No newline at end of file
+    path("", UserAreaMainView.as_view(), name="user-area-main"),
+    path("categories/", CategoriesView.as_view(), name="categories"),
+    path("category/create/", CategoryCreateView.as_view(), name="category-create"),
+    path("category/<uuid:category>/", CategoryView.as_view(), name="category"),
+    path(
+        "category/<uuid:category>/update/",
+        CategoryUpdateView.as_view(),
+        name="category-update",
+    ),
+    path(
+        "category/<uuid:category>/delete/",
+        CategoryDeleteView.as_view(),
+        name="category-delete",
+    ),
+    path(
+        "category/<uuid:category>/upload/",
+        FileUploadView.as_view(),
+        name="media-upload",
+    ),
+    path("login/", Login.as_view(), name="login"),
+    path("logout/", Logout.as_view(), name="logout"),
+]
diff --git a/quackscape/users/views.py b/quackscape/users/views.py
index f1b5419..7db789c 100644
--- a/quackscape/users/views.py
+++ b/quackscape/users/views.py
@@ -88,6 +88,43 @@ class CategoryCreateView(LoginRequiredMixin, TitleMixin, CreateView):
         )
 
 
+class CategoryUpdateView(LoginRequiredMixin, TitleMixin, UpdateView):
+    template_name = "users/generic_form.html"
+    title = "Update Category"
+    form_class = CategoryForm
+    model = Category
+
+    def get_object(self):
+        try:
+            category = Category.objects.get(id=self.kwargs["category"])
+            assert category.user_has_permission(self.request.user)
+            return category
+        except (Category.DoesNotExist, AssertionError):
+            raise Http404()
+
+    def get_success_url(self):
+        return reverse_lazy(
+            "quackscape.users:category", kwargs={"category": self.object.id}
+        )
+
+
+class CategoryDeleteView(LoginRequiredMixin, TitleMixin, DeleteView):
+    template_name = "users/generic_delete.html"
+    title = "Delete Category"
+    model = Category
+
+    def get_object(self):
+        try:
+            category = Category.objects.get(id=self.kwargs["category"])
+            assert category.user_has_permission(self.request.user)
+            return category
+        except (Category.DoesNotExist, AssertionError):
+            raise Http404()
+
+    def get_success_url(self):
+        return reverse_lazy("quackscape.users:categories")
+
+
 class FileUploadView(LoginRequiredMixin, GenericAPIView):
     parser_classes = (MultiPartParser, FormParser)