Bulletin delete usually working. One bulletin won't delete..

2025-12-26 14:48:26 -05:00
parent ba00890f79
commit 30ecf63e29
2 changed files with 67 additions and 1 deletions
--- a/packetserver/http/routers/bulletins.py
+++ b/packetserver/http/routers/bulletins.py
@@ -6,6 +6,7 @@ from datetime import datetime
 import transaction
 from persistent.list import PersistentList
 from ZODB.Connection import Connection
+import logging

 from packetserver.http.database import DbDependency
 from ..dependencies import get_current_http_user
@@ -185,4 +186,43 @@ async def bulletin_detail_page(
        return templates.TemplateResponse(
            "bulletin_detail.html",
            {"request": request, "bulletin": bulletin, "current_user": current_user.username}
-        )
+        )
+
+@router.delete("/bulletins/{bid}", status_code=204)
+async def delete_bulletin(
+    bid: int,
+    db: DbDependency,
+    current_user: HttpUser = Depends(get_current_http_user)
+):
+    username = current_user.username
+
+    try:
+        with db.transaction() as conn:
+            root = conn.root()
+            bulletins_list: PersistentList = root.get("bulletins", PersistentList())
+
+            # Find the bulletin
+            bulletin_to_delete = None
+            for b in bulletins_list:
+                if b.id == bid:
+                    bulletin_to_delete = b
+                    break
+
+            if not bulletin_to_delete:
+                raise HTTPException(status_code=404, detail="Bulletin not found")
+
+            if bulletin_to_delete.author != username:
+                raise HTTPException(status_code=403, detail="Not authorized to delete this bulletin")
+
+            # Remove it
+            bulletins_list.remove(bulletin_to_delete)
+
+            logging.info(f"User {username} deleted bulletin {bid}")
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logging.error(f"Bulletin delete failed for {username} on {bid}: {e}")
+        raise HTTPException(status_code=500, detail="Failed to delete bulletin")
+
+    return None  # 204 No Content
--- a/packetserver/http/templates/bulletin_detail.html
+++ b/packetserver/http/templates/bulletin_detail.html
@@ -15,5 +15,31 @@
        <a href="/bulletins">← All Bulletins</a> |
        <a href="/dashboard">Dashboard</a>
    </p>
+    {% if bulletin.author == current_user %}
+    <div class="card mt-5 border-danger">
+        <div class="card-header bg-danger text-white">
+            <h5 class="mb-0">Danger Zone</h5>
+        </div>
+        <div class="card-body">
+            <p class="card-text">Once you delete a bulletin, there is no going back. Please be certain.</p>
+            <button type="button" class="btn btn-danger" onclick="deleteBulletin({{ bulletin.id }}, '{{ bulletin.subject | e }}')">
+                Delete This Bulletin Permanently
+            </button>
+        </div>
+    </div>
+
+    <script>
+    async function deleteBulletin(id, subject) {
+        console.log("Clicked delete!")
+        if (!confirm(`Permanently delete bulletin "${subject}"? This cannot be undone.`)) return;
+        const response = await fetch(`/api/v1/bulletins/${id}`, { method: 'DELETE' });
+        if (response.ok) {
+            window.location.href = '/bulletins';
+        } else {
+            alert('Delete failed: ' + (await response.text() || 'Unknown error'));
+        }
+    }
+    </script>
+    {% endif %}
 </body>
 </html>