feature #427 Do not use a Symfony Form to delete an article (lyrixx)

javiereguiluz · javiereguiluz · commit c700a5543b90 · 2017-01-12T17:22:20.000+01:00
This PR was merged into the master branch. Discussion ---------- Do not use a Symfony Form to delete an article Because it's simpler without a SF Form Commits ------- 9f8a40b Do not use a Symfony Form to delete an article
diff --git a/app/Resources/views/admin/blog/_delete_form.html.twig b/app/Resources/views/admin/blog/_delete_form.html.twig
@@ -0,0 +1,5 @@
+{{ include('blog/_delete_post_confirmation.html.twig') }}
+<form action="{{ url('admin_post_delete', { id: post.id }) }}" method="post" data-confirmation="true">
+    <input type="hidden" name="token" value="{{ csrf_token('delete') }}" />
+    <input type="submit" value="{{ 'action.delete_post'|trans }}" class="btn btn-lg btn-block btn-danger" />
+</form>
diff --git a/app/Resources/views/admin/blog/edit.html.twig b/app/Resources/views/admin/blog/edit.html.twig
@@ -6,20 +6,15 @@
     <h1>{{ 'title.edit_post'|trans({'%id%': post.id}) }}</h1>
 
     {{ include('admin/blog/_form.html.twig', {
-        form: edit_form,
+        form: form,
         button_label: 'action.save'|trans,
         include_back_to_home_link: true,
     }, with_context = false) }}
 {% endblock %}
 
 {% block sidebar %}
     <div class="section actions">
-        {{ include('admin/blog/_form.html.twig', {
-            form: delete_form,
-            button_label: 'action.delete_post'|trans,
-            button_css: 'btn btn-lg btn-block btn-danger',
-            show_confirmation: true,
-        }, with_context = false) }}
+        {{ include('admin/blog/_delete_form.html.twig', { post: post }, with_context = false) }}
     </div>
 
     {{ parent() }}
diff --git a/app/Resources/views/admin/blog/show.html.twig b/app/Resources/views/admin/blog/show.html.twig
@@ -38,12 +38,7 @@
     </div>
 
     <div class="section">
-        {{ include('admin/blog/_form.html.twig', {
-            form: delete_form,
-            button_label: 'action.delete_post'|trans,
-            button_css: 'btn btn-lg btn-block btn-danger',
-            show_confirmation: true,
-        }, with_context = false) }}
+        {{ include('admin/blog/_delete_form.html.twig', { post: post }, with_context = false) }}
     </div>
 
     {{ parent() }}
diff --git a/src/AppBundle/Controller/Admin/BlogController.php b/src/AppBundle/Controller/Admin/BlogController.php
@@ -126,11 +126,8 @@ public function showAction(Post $post)
             throw $this->createAccessDeniedException('Posts can only be shown to their authors.');
         }
 
-        $deleteForm = $this->createDeleteForm($post);
-
         return $this->render('admin/blog/show.html.twig', [
             'post' => $post,
-            'delete_form' => $deleteForm->createView(),
         ]);
     }
 
@@ -148,12 +145,11 @@ public function editAction(Post $post, Request $request)
 
         $entityManager = $this->getDoctrine()->getManager();
 
-        $editForm = $this->createForm(PostType::class, $post);
-        $deleteForm = $this->createDeleteForm($post);
+        $form = $this->createForm(PostType::class, $post);
 
-        $editForm->handleRequest($request);
+        $form->handleRequest($request);
 
-        if ($editForm->isSubmitted() && $editForm->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $post->setSlug($this->get('slugger')->slugify($post->getTitle()));
             $entityManager->flush();
 
@@ -164,16 +160,15 @@ public function editAction(Post $post, Request $request)
 
         return $this->render('admin/blog/edit.html.twig', [
             'post' => $post,
-            'edit_form' => $editForm->createView(),
-            'delete_form' => $deleteForm->createView(),
+            'form' => $form->createView(),
         ]);
     }
 
     /**
      * Deletes a Post entity.
      *
-     * @Route("/{id}", name="admin_post_delete")
-     * @Method("DELETE")
+     * @Route("/{id}/delete", name="admin_post_delete")
+     * @Method("POST")
      * @Security("post.isAuthor(user)")
      *
      * The Security annotation value is an expression (if it evaluates to false,
@@ -182,40 +177,17 @@ public function editAction(Post $post, Request $request)
      */
     public function deleteAction(Request $request, Post $post)
     {
-        $form = $this->createDeleteForm($post);
-        $form->handleRequest($request);
+        if (!$this->isCsrfTokenValid('delete', $request->request->get('token'))) {
+            return $this->redirectToRoute('admin_post_index');
+        }
 
-        if ($form->isSubmitted() && $form->isValid()) {
-            $entityManager = $this->getDoctrine()->getManager();
+        $entityManager = $this->getDoctrine()->getManager();
 
-            $entityManager->remove($post);
-            $entityManager->flush();
+        $entityManager->remove($post);
+        $entityManager->flush();
 
-            $this->addFlash('success', 'post.deleted_successfully');
-        }
+        $this->addFlash('success', 'post.deleted_successfully');
 
         return $this->redirectToRoute('admin_post_index');
     }
-
-    /**
-     * Creates a form to delete a Post entity by id.
-     *
-     * This is necessary because browsers don't support HTTP methods different
-     * from GET and POST. Since the controller that removes the blog posts expects
-     * a DELETE method, the trick is to create a simple form that *fakes* the
-     * HTTP DELETE method.
-     * See http://symfony.com/doc/current/cookbook/routing/method_parameters.html.
-     *
-     * @param Post $post The post object
-     *
-     * @return \Symfony\Component\Form\Form The form
-     */
-    private function createDeleteForm(Post $post)
-    {
-        return $this->createFormBuilder()
-            ->setAction($this->generateUrl('admin_post_delete', ['id' => $post->getId()]))
-            ->setMethod('DELETE')
-            ->getForm()
-        ;
-    }
 }
