From 8238e72e6dd558e1ab6c6d46bf775e859959805d Mon Sep 17 00:00:00 2001 From: Ethan-clay03 <ethanclay2017@gmail.com> Date: Mon, 27 Jan 2025 19:54:12 +0000 Subject: [PATCH] Create delete booking and fix manage_bookings page for standard admins
---
app/admin/routes.py | 19 ++++++++++++++++--- app/api/routes.py | 5 +---- app/models/listings.py | 19 +++++++++++++++++++ app/templates/admin/manage_bookings.html | 2 +- app/templates/base.html | 10 ++++++++++ 5 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/app/admin/routes.py b/app/admin/routes.py
index bfb17ee..a82d898 100644
--- a/app/admin/routes.py
+++ b/app/admin/routes.py
@@ -1,5 +1,7 @@
-from flask import render_template, redirect, url_for
+from flask import render_template, redirect, url_for, request, jsonify
+from app import db
 from app import admin_permission, permission_required, super_admin_permission
+from app.models import Listings
 from app.admin import bp
@@ -28,9 +30,8 @@ def manage_users():
 def manage_user_bookings():
     return render_template('admin/index.html')
-
 @bp.route('get_bookings', methods=['GET'])
-@permission_required(super_admin_permission)
+@permission_required(admin_permission)
 def get_bookings():
     query = db.session.query(Listings)
@@ -73,3 +74,15 @@ def get_bookings():
     ]
     return jsonify(result)
+
+@bp.route('delete_booking', methods=['DELETE'])
+@permission_required(admin_permission)
+def delete_booking():
+    http_code = 400
+    booking_id = request.form.get('id')
+    success = Listings.delete_listing(booking_id)
+
+    if success:
+        http_code = 200
+
+    return jsonify(success), http_code
\ No newline at end of file
diff --git a/app/api/routes.py b/app/api/routes.py
index 8a37a83..18ed516 100644
--- a/app/api/routes.py
+++ b/app/api/routes.py
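Review bot: `delete_booking` answers 400 both when no `id` was sent and when `Listings.delete_listing` finds no such booking, so a client cannot tell a malformed request from a stale row, and nothing is written to the application log about which admin deleted which booking. I would read the parameter as `booking_id = request.form.get('id', type=int)`, return `jsonify(False), 400` when it is `None`, return 404 when the delete reports no row, and add a log line naming the acting user and the id, since this is a destructive action open to every holder of `admin_permission`. The new function also has no docstring; something like `"""Delete one booking by the id in the DELETE form body; JSON true/false with 200 or 400."""` would do. The hunk marks the file as ending without a trailing newline, which is worth fixing while here.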
@@ -1,9 +1,6 @@
-from flask import jsonify, request
+from flask import jsonify
 from app.api import bp
 from app.models import User, Listings
-from app import db
-from app import admin_permission, permission_required, super_admin_permission
-import json
 @bp.route('/user_id/<int:id>', methods=['GET'])
 def get_user_by_id(id):
diff --git a/app/models/listings.py b/app/models/listings.py
index 7295ec4..08970b1 100644
--- a/app/models/listings.py
+++ b/app/models/listings.py
@@ -34,3 +34,22 @@ class Listings(db.Model):
     @classmethod
     def get_top_listings(cls, amount_of_listings=5):
         return cls.query.limit(amount_of_listings).all()
+
+    @classmethod
+    def delete_listing(cls, booking_id = None):
+
+        listing = cls.search_listing(booking_id)
+
+        if listing:
+            db.session.delete(listing)
+            db.session.commit()
+            return True
+
+        return False
+
+    @classmethod
+    def search_listing(cls, listing_id = None):
+        if listing_id == None:
+            return False
+
+        return cls.query.get(listing_id)
diff --git a/app/templates/admin/manage_bookings.html b/app/templates/admin/manage_bookings.html
index c25e690..e3873d6 100644
--- a/app/templates/admin/manage_bookings.html
+++ b/app/templates/admin/manage_bookings.html
@@ -230,7 +230,7 @@
 const confirmation_input = $('#conifrmation_input').val().trim();
 if (confirmation_input === 'CONFIRM') {
     $.ajax({
-        url: "{{ url_for('admin.get_bookings') }}", // TO CHANGE
+        url: "{{ url_for('admin.delete_booking') }}",
         method: "DELETE",
         data: { id: delete_booking.data().id },
         success: function() {
diff --git a/app/templates/base.html b/app/templates/base.html
index c628d89..76cdacc 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -94,4 +94,14 @@
 {% endblock %}
 </div>
 </body>
+<script>
+    //Ensure CSRF token added to any internal requests including forms
+    $.ajaxSetup({
+        beforeSend: function(xhr, settings) {
+            if (!/^http(s)?:/.test(settings.url)) {
+                xhr.setRequestHeader("X-CSRFToken", "{{ csrf_token() }}");
+            }
+        }
+});
+</script>
 </html>
-- GitLab
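Review bot: `search_listing` returns `False` when no id is given but `None` when the row is missing, and `listing_id == None` should be `is None`; `if listing_id is None: return None` gives callers a single "not found" value. `delete_listing` commits with no rollback path, so if `db.session.delete` or `commit()` raises (for example on a foreign-key constraint from rows that still reference the listing — I am inferring the schema) the session is left in a failed state for the rest of the request; wrapping the two calls in `try: ... except SQLAlchemyError: db.session.rollback(); raise` keeps it usable. The parameter is named `booking_id` on a method called `delete_listing` and `listing_id` on its sibling, so picking one name would make clear which table this touches. Both methods lack docstrings, and `cls.query.get(...)` is the legacy query API if the project is on SQLAlchemy 2.x (the version is not visible here); `db.session.get(cls, listing_id)` is the current form.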
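Review bot: The `beforeSend` test `!/^http(s)?:/.test(settings.url)` treats a protocol-relative URL such as `//example.invalid/path` as internal, so the CSRF token would be sent to whatever origin such a URL names, and it also attaches the token to GET requests that never need it. jQuery has already computed `settings.crossDomain` by the time `beforeSend` runs, so `if (!settings.crossDomain && !/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type))` is the safer condition. The `<script>` block is placed after `</body>` but before `</html>`, which is invalid HTML (browsers re-parent it into the body, but it belongs at the end of the body next to the jQuery include, which is outside this hunk). This presumes `csrf_token()` comes from Flask-WTF's `CSRFProtect`, whose default accepted header names include `X-CSRFToken`; worth confirming it is enabled app-wide rather than per-form, since the DELETE endpoint it protects has no form of its own.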