Ezio Melotti <ezio.melo...@gmail.com> added the comment: There seem to be two issues here:
1) The request needs to be submit via post, and the current js workaround uses get. The whole table to edit queries is in a form, with action="query". The "delete" request must be sent to queryXX (where XX is the id of the query to be deleted), therefore every delete button needs its own form with a different action="queryXX" (unless we want to use js to change the action when the user hits "delete"). These forms can't be nested inside the main form, so all the delete buttons should be moved outside (or maybe in a separate query.delete.html page); 2) permission for retiring/deleting the query are not set in the schema, so even when a post request is sent to queryXX, Roundup complains with "You do not have permission to retire query". Adding +p = db.security.addPermission(name='Retire', klass='query', check=edit_query, + description="User is allowed to retire their queries") +for r in 'User', 'Developer', 'Coordinator': + db.security.addPermissionToRole(r, p) seems to address this problem. When these two problems are addressed, retiring queries works, but there are a few remaining problems: 1) when a query is retired it should also be hidden from the menu, otherwise it will still be listed under "your queries"; 2) we should decide where to put all the delete buttons or come up with some better design; 3) we might allow coordinators to retire any query too. _______________________________________________________ PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za> <http://psf.upfronthosting.co.za/roundup/meta/issue352> _______________________________________________________ _______________________________________________ Tracker-discuss mailing list Tracker-discuss@python.org http://mail.python.org/mailman/listinfo/tracker-discuss
