From 443e497d7495d4cb7cbd8b6b20ad92a3856cafd2 Mon Sep 17 00:00:00 2001
From: "vit.jonas@gmail.com"
 <vit.jonas@gmail.com@5e329b0b-a2ee-ea63-e329-299493fc886d>
Date: Fri, 23 Sep 2011 08:14:30 +0000
Subject: [PATCH] * working on Issue 145:	Direct links for sensitive
 oprations

git-svn-id: http://redmine-dmsf.googlecode.com/svn/trunk/redmine_dmsf@235 5e329b0b-a2ee-ea63-e329-299493fc886d
---
 app/controllers/dmsf_controller.rb |  3 +++
 app/views/dmsf/show.html.erb       | 28 +++++++++++++++++++++-------
 2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/app/controllers/dmsf_controller.rb b/app/controllers/dmsf_controller.rb
index 9303a802..1b01ed61 100644
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@@ -24,6 +24,9 @@ class DmsfController < ApplicationController
   before_filter :find_folder, :except => [:new, :create, :edit_root, :save_root]
   before_filter :find_parent, :only => [:new, :create]
   
+  verify :method => :post, :only => [:delete_entries, :create, :save, :delete, :save_root, :notify_activate, :notify_deactivate], 
+    :render => { :nothing => true, :status => :method_not_allowed }
+  
   def show
     if @folder.nil?
       @subfolders = DmsfFolder.project_root_folders(@project)
diff --git a/app/views/dmsf/show.html.erb b/app/views/dmsf/show.html.erb
index ccc9635a..8eea7948 100644
--- a/app/views/dmsf/show.html.erb
+++ b/app/views/dmsf/show.html.erb
@@ -69,13 +69,13 @@ form_tag({:action => "entries_operation", :id => @project, :folder_id => @folder
 				<% if User.current.allowed_to?(:file_approval, @project) %>
 					<div class="right_icon_box">
 					<% if subfolder.notification %>
-						<%= link_to(image_tag("notify.png", :plugin => "redmine_dmsf"),
-			        			{:action => "notify_deactivate", :id => @project,
-								:folder_id => subfolder}, :title => l(:title_notifications_active_deactivate)) %>
+						<%= link_to_function(image_tag("notify.png", :plugin => "redmine_dmsf"),
+			        			"manipulation_link('#{url_for(:action => 'notify_deactivate', :id => @project, :folder_id => subfolder)}')",
+								 :title => l(:title_notifications_active_deactivate)) %>
 					<% else %>
-						<%= link_to(image_tag("notifynot.png", :plugin => "redmine_dmsf"),
-			        			{:action => "notify_activate", :id => @project, 
-								:folder_id => subfolder}, :title => l(:title_notifications_not_active_activate)) %>
+						<%= link_to_function(image_tag("notifynot.png", :plugin => "redmine_dmsf"),
+			        			"manipulation_link('#{url_for(:action => 'notify_activate', :id => @project, :folder_id => subfolder)}')", 
+								:title => l(:title_notifications_not_active_activate)) %>
 					<% end %>
 					</div>
 				<% end %>
@@ -188,7 +188,10 @@ form_tag({:action => "entries_operation", :id => @project, :folder_id => @folder
 
 <script type="text/javascript">
 	jQuery("a.delete-link").click(function(event) {
-		if(!window.confirm("<%= l(:question_do_you_really_want_to_delete_this_entry) %>")) event.preventDefault();
+		event.preventDefault();
+		if(!window.confirm("<%= l(:question_do_you_really_want_to_delete_this_entry) %>")) return;
+		jQuery("#entries_form").attr("action", jQuery(this).attr("href"));
+		jQuery("#entries_form").submit();
 	})
 	
 	jQuery("#entries_delete_button").click(function(event) {
@@ -258,6 +261,17 @@ sUrl = "jquery.dataTables/#{I18n.locale.to_s.downcase}.json" if I18n.locale && !
 		        }
 	      	});
 		});
+		
+		function manipulation_link(action) {
+			jQuery("#entries_form").attr("action", action);
+			jQuery("#entries_form").submit();
+		};
+		
+		function confirmation_link(action) {
+			if(!window.confirm("<%= l(:question_do_you_really_want_to_delete_this_entry) %>")) return;
+			jQuery("#entries_form").attr("action", action);
+			jQuery("#entries_form").submit();
+		};
 	</script>
 <% end %>