Hook up delete release modal

Author: di

warehouse/manage/views.py

@@ -109,20 +109,82 @@ def manage_project_releases(project, request):
     return {"project": project}
 
 
-@view_config(
+@view_defaults(
     route_name="manage.project.release",
     renderer="manage/release.html",
     uses_session=True,
+    require_csrf=True,
+    require_methods=False,
     permission="manage",
     effective_principals=Authenticated,
 )
-def manage_project_release(release, request):
-    project = release.project
-    return {
-        "project": project,
-        "release": release,
-        "files": release.files.all(),
-    }
+class ManageProjectRelease:
+    def __init__(self, release, request):
+        self.release = release
+        self.request = request
+
+    @view_config(request_method="GET")
+    def manage_project_release(self):
+        return {
+            "project": self.release.project,
+            "release": self.release,
+            "files": self.release.files.all(),
+        }
+
+    @view_config(
+        request_method="POST",
+        request_param=["confirm"]
+    )
+    def delete_project_release(self):
+        confirm = self.request.POST.get('confirm')
+        if not confirm:
+            self.request.session.flash(
+                "Must confirm the request.", queue='error'
+            )
+            return HTTPSeeOther(
+                self.request.route_path(
+                    'manage.project.release',
+                    project_name=self.release.project.name,
+                    version=self.release.version,
+                )
+            )
+
+        if confirm != self.release.version:
+            self.request.session.flash(
+                f"{confirm!r} is not the same as {self.release.version!r}",
+                queue="error",
+            )
+            return HTTPSeeOther(
+                self.request.route_path(
+                    'manage.project.release',
+                    project_name=self.release.project.name,
+                    version=self.release.version,
+                )
+            )
+
+        self.request.db.add(
+            JournalEntry(
+                name=self.release.project.name,
+                action="remove",
+                version=self.release.version,
+                submitted_by=self.request.user,
+                submitted_from=self.request.remote_addr,
+            ),
+        )
+
+        self.request.db.delete(self.release)
+
+        self.request.session.flash(
+            f"Successfully deleted release {self.release.version!r}.",
+            queue="success",
+        )
+
+        return HTTPSeeOther(
+            self.request.route_path(
+                'manage.project.releases',
+                project_name=self.release.project.name,
+            )
+        )
 
 
 @view_config(

warehouse/templates/manage/release.html

@@ -110,9 +110,9 @@ <h3>Delete Release</h3>
   </div>
 
   <div id="delete-release-modal" class="modal">
-    {% set project_name = project.normalized_name %}
     <div class="modal__content" role="dialog">
-      <form method="POST" action="" class="modal__form">
+      <form method="POST" class="modal__form">
+        <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
         <a href="#modal-close" title="Close" class="modal__close">
           <i class="fa fa-times" aria-hidden="true"></i>
           <span class="sr-only">close</span>
@@ -122,10 +122,9 @@ <h3 class="modal__title">Delete Release {{ release.version }}?</h3>
           <div class="callout-block callout-block--danger callout-block--bottom-margin no-top-margin">
             <p>Warning: This action cannot be undone!</p>
           </div>
-          <p>Confirm the project name to continue.</p>
-          <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
-          <label for="project-name">Project Name</label>
-          <input name="confirm" type="text" placeholder="Confirm project name" autocomplete="off" autocorrect="off" autocapitalize="off">
+          <p>Confirm the release version to continue.</p>
+          <label for="confirm">Release version</label>
+          <input name="confirm" type="text" placeholder="Confirm version" autocomplete="off" autocorrect="off" autocapitalize="off">
         </div>
         <div class="modal__footer">
           <a href="#modal-close" class="button modal__action">Cancel</a>
@@ -152,7 +151,7 @@ <h3 class="modal__title">Delete {{ file.filename }}?</h3>
             </div>
             <p>Confirm the project name to continue.</p>
             <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
-            <label for="project-name">Project Name</label>
+            <label for="confirm">Project Name</label>
             <input name="confirm" type="text" placeholder="Confirm project name" autocomplete="off" autocorrect="off" autocapitalize="off">
           </div>
           <div class="modal__footer">