Fix CSRF bug.

pinry/core/static/core/css/pinry.css

@@ -90,6 +90,24 @@ body {
                 font-weight: normal;
             }
 
+.pin-options {
+    display: none;
+    position: absolute;
+    padding: 5px 7px 4px;
+    background-color: #eee;
+    border: 1px solid #ccc;
+    -webkit-box-shadow: 0 1px 3px #ccc;
+       -moz-box-shadow: 0 1px 3px #ccc;
+            box-shadow: 0 1px 3px #ccc;
+    -webkit-border-radius: 3px;
+       -moz-border-radius: 3px;
+            border-radius: 3px;
+}
+    
+    .pin:hover .pin-options {
+        display: block;
+    }
+
 #form {
     border: 1px solid #ccc;
     background-color: white;

pinry/core/static/core/js/pinry.js

@@ -60,6 +60,11 @@ $(window).ready(function () {
         for(; i<length; i++) {
           image = data[i];
           html += '<div class="pin">';
+              html += '<div class="pin-options">';
+                  html += '<a href="/pins/delete-pin/'+image.id+'">';
+                      html += '<i class="icon-trash"></i>';
+                  html += '</a>';
+              html += '</div>';
               html += '<a class="fancybox" rel="pins" href="'+image.image+'">';
                   html += '<img src="'+image.thumbnail+'" width="200" >';
               html += '</a>';

pinry/core/templates/core/base.html

@@ -44,7 +44,7 @@
 
         {% block yield %}{% endblock %}
 
-        {% new_pin %}
+        {% new_pin request %}
 
         {% if debug %}
             <script src="/static/vendor/jquery/1.7.2/jquery.js"></script>

pinry/pins/forms.py

@@ -61,3 +61,4 @@ class PinForm(forms.ModelForm):
 
     class Meta:
         model = Pin
+        exclude = ['submitter']

pinry/pins/models.py

@@ -1,6 +1,7 @@
 from django.db import models
 from django.core.files import File
 from django.core.files.temp import NamedTemporaryFile
+from django.contrib.auth.models import User
 
 from thumbs import ImageWithThumbsField
 
@@ -8,6 +9,7 @@ import urllib2
 
 
 class Pin(models.Model):
+    submitter = models.ForeignKey(User)
     url = models.TextField(blank=True, null=True)
     description = models.TextField(blank=True, null=True)
     image = ImageWithThumbsField(upload_to='pins/pin', sizes=((200, 1000),))
@@ -23,7 +25,7 @@ class Pin(models.Model):
             temp_img.flush()
             # pylint: disable-msg=E1101
             self.image.save(self.url.split('/')[-1], File(temp_img))
-        super(Pin, self).save()
+        super(Pin, self).save(*args, **kwargs)
 
     class Meta:
         ordering = ['-id']

pinry/pins/templates/pins/templatetags/new_pin.html

@@ -5,6 +5,7 @@
         <h3>New Pin</h3>
     </div>
     <form action="{% url pins:new-pin %}" method="post" class="form-horizontal">
+        {% csrf_token %}
         <div class="modal-body">
             {% csrf_token %}
             {% for field in form %}

pinry/pins/templatetags/new_pin.py

@@ -1,5 +1,6 @@
 from django.template.loader import render_to_string
 from django.template import Library
+from django.template import RequestContext
 
 from pinry.pins.forms import PinForm
 
@@ -8,6 +9,7 @@ register = Library()
 
 
 @register.simple_tag
-def new_pin():
+def new_pin(request):
     return render_to_string('pins/templatetags/new_pin.html',
-        {'form': PinForm()})
+        {'form': PinForm()},
+        context_instance=RequestContext(request))

pinry/pins/urls.py

@@ -4,4 +4,5 @@ from django.conf.urls import patterns, url
 urlpatterns = patterns('pinry.pins.views',
     url(r'^$', 'recent_pins', name='recent-pins'),
     url(r'^new-pin/$', 'new_pin', name='new-pin'),
+    url(r'^delete-pin/(?P<pin_id>\d*)/$', 'delete_pin', name='delete-pin'),
 )

pinry/pins/views.py

@@ -4,6 +4,7 @@ from django.core.urlresolvers import reverse
 from django.contrib import messages
 
 from .forms import PinForm
+from .models import Pin
 
 
 def recent_pins(request):
@@ -14,7 +15,9 @@ def new_pin(request):
     if request.method == 'POST':
         form = PinForm(request.POST, request.FILES)
         if form.is_valid():
-            form.save()
+            pin = form.save(commit=False)
+            pin.submitter = request.user
+            pin.save()
             messages.success(request, 'New pin successfully added.')
             return HttpResponseRedirect(reverse('pins:recent-pins'))
         else:
@@ -25,3 +28,19 @@ def new_pin(request):
         'form': form,
     }
     return TemplateResponse(request, 'pins/new_pin.html', context)
+
+
+def delete_pin(request, pin_id):
+    try:
+        pin = Pin.objects.get(id=pin_id)
+        if pin.submitter == request.user:
+            pin.delete()
+            messages.success(request, 'Pin successfully deleted.')
+        else:
+            messages.error(request, 'You are not the submitter and can not '
+                                    'delete this pin.')
+    except Pin.DoesNotExist:
+        messages.error(request, 'Pin with the given id does not exist.')
+        
+
+    return HttpResponseRedirect(reverse('pins:recent-pins'))

pinry/settings/__init__.py

@@ -29,6 +29,7 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
 )
 TEMPLATE_CONTEXT_PROCESSORS = (
     "django.contrib.auth.context_processors.auth",
@@ -36,6 +37,7 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     "django.core.context_processors.i18n",
     "django.core.context_processors.media",
     "django.core.context_processors.static",
+    "django.core.context_processors.request",
     "django.contrib.messages.context_processors.messages",
 )