From 683e193f9abf6e717204ed34201461b3d4240be2 Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Wed, 6 Jun 2012 18:52:09 +0100
Subject: [PATCH] Update delete to CBV, add in support for soft deletes.

---
 app/conf/common.py                            |  6 ++-
 .../eve_api/eveaccount_confirm_delete.html    | 16 ++++++++
 app/eve_api/urls.py                           |  4 +-
 app/eve_api/views/base.py                     | 39 +++++++++++--------
 app/sso/templates/sso/profile.html            |  2 +-
 5 files changed, 47 insertions(+), 20 deletions(-)
 create mode 100644 app/eve_api/templates/eve_api/eveaccount_confirm_delete.html

diff --git a/app/conf/common.py b/app/conf/common.py
index d2e06ff..1e92dbc 100644
--- a/app/conf/common.py
+++ b/app/conf/common.py
@@ -148,7 +148,11 @@ GARGOYLE_SWITCH_DEFAULTS = {
       'label': 'Disable API Backend Processing',
       'description': 'Disables backend processing for the EVE API, stops Auth hammering the API during outages',
     }
-
+    'eve-softkeydelete': {
+      'is_active': False,
+      'label': 'Soft API Key Deletions',
+      'description': 'API Keys are not deleted from the database, only removed from the user.',
+    },
 }
 
 LOGGING = {
diff --git a/app/eve_api/templates/eve_api/eveaccount_confirm_delete.html b/app/eve_api/templates/eve_api/eveaccount_confirm_delete.html
new file mode 100644
index 0000000..cd9e521
--- /dev/null
+++ b/app/eve_api/templates/eve_api/eveaccount_confirm_delete.html
@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block title %}Delete EVE API Key {{ object.pk }}{% endblock %}
+
+{% block content %}
+<div class="page-header">
+  <h1>Confirm EVE API Key deletion</h1>
+</div>
+<p>You are about to remove EVE API Key {{ object.pk }} from Auth, once deleted Auth with recheck your permissions and make modifications to your account as required. <b>You may lose access to TEST services if this API key is the only one providing permissions for your account</b>.</p>
+
+<form action="{% url eveapi-delete object.pk %}" method="post">
+<input type="submit" value="Confirm Deletion" class="btn error"/>
+{% csrf_token %} 
+</fieldset>
+</form>
+{% endblock %}
\ No newline at end of file
diff --git a/app/eve_api/urls.py b/app/eve_api/urls.py
index 7256a63..a1e7b02 100644
--- a/app/eve_api/urls.py
+++ b/app/eve_api/urls.py
@@ -7,8 +7,8 @@ from eve_api import views
 urlpatterns = patterns('',
     url(r'^eveapi/add/$', views.eveapi_add, name="eveapi-add"),
     url(r'^eveapi/update/(?P<userid>\d+)/$', views.eveapi_update, name="eveapi-update"),
-    url(r'^eveapi/delete/(?P<userid>\d+)/$', views.eveapi_del, name="eveapi-delete"),
-    url(r'^eveapi/refresh/(?P<pk>\d+)/$', login_required(views.EVEAPIRefresh.as_view()), name="eveapi-refresh"),
+    url(r'^eveapi/delete/(?P<pk>\d+)/$', login_required(views.EVEAPIDeleteView.as_view()), name="eveapi-delete"),
+    url(r'^eveapi/refresh/(?P<pk>\d+)/$', login_required(views.EVEAPIRefreshView.as_view()), name="eveapi-refresh"),
     url(r'^eveapi/log/(?P<userid>\d+)/$', login_required(views.EVEAPILogView.as_view()), name="eveapi-log"),
     url(r'^eveapi/access/(?P<slug>\d+)/$', login_required(views.EVEAPIAccessView.as_view()), name="eveapi-accessview"),
 
diff --git a/app/eve_api/views/base.py b/app/eve_api/views/base.py
index 18d8ca8..5501715 100644
--- a/app/eve_api/views/base.py
+++ b/app/eve_api/views/base.py
@@ -1,11 +1,11 @@
 import csv
 
 from django.core import serializers
-from django.core.urlresolvers import reverse
+from django.core.urlresolvers import reverse, reverse_lazy
 from django.http import HttpResponse, Http404, HttpResponseForbidden, HttpResponseRedirect
 from django.shortcuts import render_to_response, get_object_or_404, redirect
 from django.template import RequestContext
-from django.views.generic import TemplateView, DetailView, ListView, View
+from django.views.generic import TemplateView, DetailView, ListView, DeleteView, View
 from django.views.generic.detail import SingleObjectMixin
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
@@ -95,23 +95,30 @@ def eveapi_update(request, userid, post_save_redirect='/', template='eve_api/upd
     return render_to_response(template, context, context_instance=RequestContext(request))
 
 
-@login_required
-def eveapi_del(request, userid, post_save_redirect='/'):
-    """ Delete a EVE API key from a account """
+class EVEAPIDeleteView(DeleteView):
+    """Deletes a EVE API key that exists within the system after confirmation"""
 
-    if gargoyle.is_active('eve-keydelete', request):
-        try:
-            acc = EVEAccount.objects.get(pk=userid)
-        except EVEAccount.DoesNotExist:
-            return redirect(post_save_redirect)
-        if acc.user == request.user:
-            acc.delete()
-            messages.success(request, "EVE API key successfully deleted.", fail_silently=True)
+    model = EVEAccount
+    success_url = reverse_lazy('sso-profile')
 
-    return redirect(post_save_redirect)
+    def dispatch(self, request, *args, **kwargs):
+        if not gargoyle.is_active('eve-keydelete', request):
+            return HttpResponseForbidden()
+        return super(EVEAPIDeleteView, self).dispatch(request, *args, **kwargs)
+
+    def delete(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        keyid = self.object.pk
+        if not gargoyle.is_active('eve-softkeydelete', request)
+            self.object.delete()
+        else:
+            self.object.user = None
+            self.object.save()
+        messages.success(self.request, 'EVE API key %s successfully deleted.' % keyid, fail_silently=True)
+        return HttpResponseRedirect(self.get_success_url())
 
 
-class EVEAPIRefresh(SingleObjectMixin, View):
+class EVEAPIRefreshView(SingleObjectMixin, View):
     """Force a refresh of a EVE API key, accepts requests via AJAX or normal requests"""
     
     model = EVEAccount
@@ -131,7 +138,7 @@ class EVEAPIRefresh(SingleObjectMixin, View):
                 ret = [acc]
             return HttpResponse(serializers.serialize('json', ret), mimetype='application/javascript') 
         else:
-            messages.add_message(request, messages.INFO, "Key %s has been queued to be refreshed from the API" % acc.api_user_id)
+            messages.add_message(self.request, messages.INFO, "Key %s has been queued to be refreshed from the API" % acc.api_user_id)
         return HttpResponseRedirect('/')            
     
 
diff --git a/app/sso/templates/sso/profile.html b/app/sso/templates/sso/profile.html
index 32c30b5..dbb77a0 100644
--- a/app/sso/templates/sso/profile.html
+++ b/app/sso/templates/sso/profile.html
@@ -101,7 +101,7 @@
         <td>{% ifswitch api-disableprocessing %}{% else %}<a href="{% url eveapi-refresh acc.api_user_id %}"  onclick="javascript:refresh_apikey({{ acc.api_user_id }}); return false;">Refresh</a>,&nbsp;
           <a href="{% url eve_api.views.eveapi_update acc.api_user_id %}">Update Key</a>,&nbsp;{% endifswitch %}
           <a href="{% url eveapi-log acc.api_user_id %}">Logs</a>{% ifswitch eve-keydelete %},&nbsp;
-          <a href="{% url eve_api.views.eveapi_del acc.api_user_id %}">Delete</a>{% endifswitch %}</td>
+          <a href="{% url eveapi-delete acc.api_user_id %}">Delete</a>{% endifswitch %}</td>
       </tr>
   {% endfor %}
     </tbody>