# HG changeset patch
# User Mads Kiilerich <madski@unity3d.com>
# Date 2016-08-04 14:23:36
# Node ID 74f880bfcb7bfe12d6b904ce705f7c24bc942fef
# Parent  9313feb209ebd176465209880f1fa96f4de01455

routing: introduce 'gist_delete' url and use POST instead of DELETE

diff --git a/kallithea/config/routing.py b/kallithea/config/routing.py
--- a/kallithea/config/routing.py
+++ b/kallithea/config/routing.py
@@ -397,8 +397,8 @@ def make_map(config):
                   action="new", conditions=dict(method=["GET"]))
 
 
-        m.connect("/gists/{gist_id}",
-                  action="delete", conditions=dict(method=["DELETE"]))
+        m.connect("gist_delete", "/gists/{gist_id}/delete",
+                  action="delete", conditions=dict(method=["POST"]))
         m.connect("edit_gist", "/gists/{gist_id}/edit",
                   action="edit", conditions=dict(method=["GET", "POST"]))
         m.connect("edit_gist_check_revision", "/gists/{gist_id}/edit/check_revision",
diff --git a/kallithea/templates/admin/gists/show.html b/kallithea/templates/admin/gists/show.html
--- a/kallithea/templates/admin/gists/show.html
+++ b/kallithea/templates/admin/gists/show.html
@@ -52,7 +52,7 @@
 
                        %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.authuser.user_id:
                         <div style="float:right">
-                            ${h.form(url('gist', gist_id=c.gist.gist_id),method='delete')}
+                            ${h.form(url('gist_delete', gist_id=c.gist.gist_id))}
                                 ${h.submit('remove_gist', _('Delete'),class_="btn btn-mini btn-danger",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")}
                             ${h.end_form()}
                         </div>
diff --git a/kallithea/tests/functional/test_admin_gists.py b/kallithea/tests/functional/test_admin_gists.py
--- a/kallithea/tests/functional/test_admin_gists.py
+++ b/kallithea/tests/functional/test_admin_gists.py
@@ -132,20 +132,20 @@ class TestGistsController(TestController
     def test_delete(self):
         self.log_user()
         gist = _create_gist('delete-me')
-        response = self.app.post(url('gist', gist_id=gist.gist_id),
-            params={'_method': 'delete', '_authentication_token': self.authentication_token()})
+        response = self.app.post(url('gist_delete', gist_id=gist.gist_id),
+            params={'_authentication_token': self.authentication_token()})
 
     def test_delete_normal_user_his_gist(self):
         self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
         gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
-        response = self.app.post(url('gist', gist_id=gist.gist_id),
-            params={'_method': 'delete', '_authentication_token': self.authentication_token()})
+        response = self.app.post(url('gist_delete', gist_id=gist.gist_id),
+            params={'_authentication_token': self.authentication_token()})
 
     def test_delete_normal_user_not_his_own_gist(self):
         self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
         gist = _create_gist('delete-me')
-        response = self.app.post(url('gist', gist_id=gist.gist_id), status=403,
-            params={'_method': 'delete', '_authentication_token': self.authentication_token()})
+        response = self.app.post(url('gist_delete', gist_id=gist.gist_id), status=403,
+            params={'_authentication_token': self.authentication_token()})
 
     def test_show(self):
         gist = _create_gist('gist-show-me')