diff --git a/rhodecode/controllers/admin/gists.py b/rhodecode/controllers/admin/gists.py
--- a/rhodecode/controllers/admin/gists.py
+++ b/rhodecode/controllers/admin/gists.py
@@ -41,7 +41,7 @@ from rhodecode.lib.base import BaseContr
from rhodecode.lib.auth import LoginRequired, NotAnonymous
from rhodecode.lib.utils2 import safe_str, safe_int, time_to_datetime
from rhodecode.lib.helpers import Page
-from webob.exc import HTTPNotFound
+from webob.exc import HTTPNotFound, HTTPForbidden
from sqlalchemy.sql.expression import or_
from rhodecode.lib.vcs.exceptions import VCSError
@@ -151,6 +151,16 @@ class GistsController(BaseController):
# h.form(url('gist', id=ID),
# method='delete')
# url('gist', id=ID)
+ gist = GistModel().get_gist(id)
+ owner = gist.gist_owner == c.rhodecode_user.user_id
+ if h.HasPermissionAny('hg.admin')() or owner:
+ GistModel().delete(gist)
+ Session().commit()
+ h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')
+ else:
+ raise HTTPForbidden()
+
+ return redirect(url('gists'))
@LoginRequired()
def show(self, id, format='html'):
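Review bot: The result of `GistModel().get_gist(id)` is dereferenced on the very next line without a check. If the lookup can return None for an unknown or already-deleted id, the request ends in an AttributeError and a 500 instead of a 404. `HTTPNotFound` is already imported in this file, so `if gist is None: raise HTTPNotFound()` before the ownership comparison would cover it. The `def` line and decorators of this action sit above the hunk, so it is not visible whether it carries `@LoginRequired()` and `@NotAnonymous()`. That is worth confirming, because the owner test compares against `c.rhodecode_user.user_id` whichever account that is, including a shared anonymous one.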
diff --git a/rhodecode/templates/admin/gists/show.html b/rhodecode/templates/admin/gists/show.html
--- a/rhodecode/templates/admin/gists/show.html
+++ b/rhodecode/templates/admin/gists/show.html
@@ -48,9 +48,11 @@
${c.gist.gist_description}
## only owner should see that
- %if c.gist.owner.username == c.rhodecode_user.username:
+ %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
##${h.link_to(_('Edit'),h.url(''),class_="ui-btn")}
- ##${h.link_to(_('Delete'),h.url(''),class_="ui-btn red")}
+ ${h.form(url('gist', id=c.gist.gist_id),method='delete')}
+ ${h.submit('remove_gist', _('Delete'),class_="ui-btn red",onclick="return confirm('"+_('Confirm to delete this gist')+"');")}
+ ${h.end_form()}
%endif
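Review bot: The new delete form built with `h.form(url('gist', id=c.gist.gist_id),method='delete')` submits a state-changing request with no anti-forgery token visible in this hunk. The controller hunk in this commit checks only ownership or `hg.admin`, not a token, so a third-party page could probably trigger the deletion from a logged-in owner's or admin's browser. If the project has a token-bearing form helper, it should be used here and the token verified in the delete action. Separately, the `onclick` value splices the translated string into a single-quoted JavaScript literal, so a translation containing an apostrophe would break the confirm handler. Escaping the message for JavaScript before concatenation avoids that.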
diff --git a/rhodecode/tests/functional/test_admin_gists.py b/rhodecode/tests/functional/test_admin_gists.py
--- a/rhodecode/tests/functional/test_admin_gists.py
+++ b/rhodecode/tests/functional/test_admin_gists.py
@@ -5,11 +5,12 @@ from rhodecode.model.db import User, Gis
def _create_gist(f_name, content='some gist', lifetime=-1,
- description='gist-desc', gist_type='public'):
+ description='gist-desc', gist_type='public',
+ owner=TEST_USER_ADMIN_LOGIN):
gist_mapping = {
f_name: {'content': content}
}
- user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
+ user = User.get_by_username(owner)
gist = GistModel().create(description, owner=user,
gist_mapping=gist_mapping, gist_type=gist_type,
lifetime=lifetime)
@@ -109,8 +110,21 @@ class TestGistsController(TestController
response = self.app.put(url('gist', id=1))
def test_delete(self):
- self.skipTest('not implemented')
- response = self.app.delete(url('gist', id=1))
+ self.log_user()
+ gist = _create_gist('delete-me')
+ response = self.app.delete(url('gist', id=gist.gist_id))
+ self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id)
+
+ def test_delete_normal_user_his_gist(self):
+ self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
+ gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
+ response = self.app.delete(url('gist', id=gist.gist_id))
+ self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id)
+
+ def test_delete_normal_user_not_his_own_gist(self):
+ self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
+ gist = _create_gist('delete-me')
+ response = self.app.delete(url('gist', id=gist.gist_id), status=403)
def test_show(self):
gist = _create_gist('gist-show-me')
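Review bot: `test_delete_normal_user_not_his_own_gist` asserts only the 403 status and never checks that the gist still exists afterwards. A regression that deleted the gist before raising would still pass, so a follow-up lookup asserting the gist is still present would pin down the authorization guarantee. The two success tests likewise never assert that the gist is gone. They also compare the flash against `'Deleted gist %s' % gist.gist_id` while the controller formats `gist.gist_access_id`, which presumably matches only for public gists; using `'Deleted gist %s' % gist.gist_access_id` in the expectation would track the controller. A case for a non-existent id would also be useful, since the controller hunk does not guard that path.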