Merge pull request #2039 from umap-project/delete-anonymous-owner

fix: show delete button for owner and anonymous owner

umap/static/umap/js/modules/permissions.js

@@ -34,7 +34,7 @@ export class MapPermissions {
   }
 
   isOwner() {
-    return this.map.options.user?.id === this.map.options.permissions.owner?.id
+    return Boolean(this.map.options.user?.is_owner)
   }
 
   isAnonymousMap() {

umap/static/umap/js/umap.js

@@ -1638,11 +1638,13 @@ U.Map = L.Map.extend({
   },
 
   del: async function () {
-    if (confirm(L._('Are you sure you want to delete this map?'))) {
-      const url = this.urls.get('map_delete', { map_id: this.options.umap_id })
-      const [data, response, error] = await this.server.post(url)
-      if (data.redirect) window.location = data.redirect
-    }
+    this.dialog
+      .confirm(L._('Are you sure you want to delete this map?'))
+      .then(async () => {
+        const url = this.urls.get('map_delete', { map_id: this.options.umap_id })
+        const [data, response, error] = await this.server.post(url)
+        if (data.redirect) window.location = data.redirect
+      })
   },
 
   clone: async function () {

umap/tests/integration/test_anonymous_owned_map.py

@@ -219,3 +219,26 @@ def test_alert_message_after_create_show_link_even_without_mail(
     ).to_be_visible()
     expect(alert.get_by_role("button", name="Copy")).to_be_visible()
     expect(alert.get_by_role("button", name="Send me the link")).to_be_hidden()
+
+
+def test_anonymous_owner_can_delete_the_map(anonymap, live_server, owner_session):
+    assert Map.objects.count() == 1
+    owner_session.goto(f"{live_server.url}{anonymap.get_absolute_url()}")
+    owner_session.get_by_role("button", name="Edit").click()
+    owner_session.get_by_role("link", name="Map advanced properties").click()
+    owner_session.get_by_text("Advanced actions").click()
+    expect(owner_session.get_by_role("button", name="Delete")).to_be_visible()
+    owner_session.get_by_role("button", name="Delete").click()
+    with owner_session.expect_response(re.compile(r".*/update/delete/.*")):
+        owner_session.get_by_role("button", name="OK").click()
+    assert not Map.objects.count()
+
+
+def test_non_owner_cannot_see_delete_button(anonymap, live_server, page):
+    anonymap.edit_status = Map.ANONYMOUS
+    anonymap.save()
+    page.goto(f"{live_server.url}{anonymap.get_absolute_url()}")
+    page.get_by_role("button", name="Edit").click()
+    page.get_by_role("link", name="Map advanced properties").click()
+    page.get_by_text("Advanced actions").click()
+    expect(page.get_by_role("button", name="Delete")).to_be_hidden()

umap/tests/integration/test_owned_map.py

@@ -134,17 +134,9 @@ def test_owner_has_delete_map_button(map, live_server, login):
     advanced.click()
     delete = page.get_by_role("button", name="Delete", exact=True)
     expect(delete).to_be_visible()
-    dialog_shown = False
-
-    def handle_dialog(dialog):
-        dialog.accept()
-        nonlocal dialog_shown
-        dialog_shown = True
-
-    page.on("dialog", handle_dialog)
+    delete.click()
     with page.expect_navigation():
-        delete.click()
-    assert dialog_shown
+        page.get_by_role("button", name="OK").click()
     assert Map.objects.all().count() == 0
 
 

umap/views.py

@@ -458,12 +458,16 @@ def simple_json_response(**kwargs):
 
 class SessionMixin:
     def get_user_data(self):
+        data = {}
+        if hasattr(self, "object"):
+            data["is_owner"] = self.object.is_owner(self.request.user, self.request)
         if self.request.user.is_anonymous:
-            return {}
+            return data
         return {
             "id": self.request.user.pk,
             "name": str(self.request.user),
             "url": reverse("user_dashboard"),
+            **data,
         }