fix user permissions save button sometimes deleting

when you hit the delete button, it flashes the delete button and takes you to the `/service/../user/../delete` url. If you then click the save button, it would make a POST to the delete URL... and delete the user. now the page stays on the edit url, but adds a `?delete=yes` query string. The dangerous flash banner now has an action field which defines where the browser will make the POST to (which remains at /delete).
2026-06-09 07:51:21 -04:00 · 2019-03-14 17:31:51 +00:00
parent 37d12d3aa3
commit f7f9dd8530
5 changed files with 82 additions and 83 deletions
--- a/app/templates/components/banner.html
+++ b/app/templates/components/banner.html
@@ -1,4 +1,6 @@
-{% macro banner(body, type=None, with_tick=False, delete_button=None, subhead=None, context=None) %}
+{% from "components/form.html" import form_wrapper %}
+
+{% macro banner(body, type=None, with_tick=False, delete_button=None, subhead=None, context=None, action=None) %}
  <div
    class='banner{% if type %}-{{ type }}{% endif %}{% if with_tick %}-with-tick{% endif %}'
    {% if type == 'dangerous' %}
@@ -16,14 +18,14 @@
    </p>
    {% endif %}
    {% if delete_button %}
-      <form method='post'>
+      {% call form_wrapper(action=action) %}
        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
        <button type="submit" class="button" name="delete">{{ delete_button }}</button>
-      </form>
+      {% endcall %}
    {% endif %}
  </div>
 {% endmacro %}

-{% macro banner_wrapper(type=None, with_tick=False, delete_button=None, subhead=None) %}
-  {{ banner(caller()|safe, type=type, with_tick=with_tick, delete_button=delete_button, subhead=subhead) }}
+{% macro banner_wrapper(type=None, with_tick=False, delete_button=None, subhead=None, action=None) %}
+  {{ banner(caller()|safe, type=type, with_tick=with_tick, delete_button=delete_button, subhead=subhead, action=action) }}
 {% endmacro %}