> I am trying to use Low Pro to add a delete confirmation. In my
> controller, I have added a delete and a destroy action. These content
> of these actions are:

> def delete
>   @item = Item.find( params[ :id ] )
> end

> def destroy

>   @item = Item.find( params[ :id ] )
>   item.destroy

>   redirect_to items_path
> end

> In the routes, I add a delete route to items by:

> map.resources :items, :member => { :delete => :get }

> I then have a view where I add a delete link like this (also using
> haml):

> = link_to "delete", delete_item_path( item ), :class => 'delete'

> All of this works when I have javascript disabled. Now I am trying to
> add a behavior that will do the confirmation in javascript and if
> confirmed then redirect to the destroy action. I am trying to do this
> as follows but it is not working.

> Remote.Delete = Behavior.create( Remote.Base, {
>   onclick: function( event ) {
>     if ( confirm( 'Are you sure?'  ) ) {
>       var destroy_url = this.element.href.gsub( '/delete$', '' );
>       options = Object.extend( { url: destroy_url, method: 'delete' },
> this.options );
>       return this._makeRequest( options )
>     }
>     return false;
>   }
> });

> Event.addBehavior( {
>   '.delete' : Remote.Delete
> });

> The onclick gets executed but it is not working correctly. Any help
> would be appriciated.

> Thanks,

> -- Ken

> don't change your route, a delete action should not be a GET but a  
> DELETE.

> Event.addBehavior( {
>   '.delete' : Remote.Delete
> });

> The onclick gets executed but it is not working correctly. Any help
> would be appriciated.

> > Remote.DeleteLink = Behavior.create(Remote.Base, {
> >   onclick : function() {
> >     var options = Object.extend({ url : this.element.href, method :
> > 'delete' }, this.options);
> >     if (confirm('Are you sure?')){
> >       return this._makeRequest(options);
> >     }else{
> >       return false;
> >     }
> >   }
> > });

> > don't change your route, a delete action should not be a GET but a
> > DELETE.

> I think he's using the delete action (note the name) as an
> intermediary action to hold a form with DELETE method pointing to the
> _destroy_ action that actually deletes the record. That's pretty much
> the only way to use an accessible link to perform a destructive action
> afaik.

> > On 1/24/08, KJoyner <K...@kjoyner.com> wrote:
> > <snip>
> > Remote.Delete = Behavior.create( Remote.Base, {
> >   onclick: function( event ) {
> >     if ( confirm( 'Are you sure?'  ) ) {
> >       var destroy_url = this.element.href.gsub ( '/delete$', '' );
> >       options = Object.extend( { url: destroy_url, method: 'delete' },
> > this.options );
> >       return this._makeRequest( options )
> >     }
> >     return false;
> >   }
> > });

> > Event.addBehavior( {
> >   '.delete' : Remote.Delete
> > });

> > The onclick gets executed but it is not working correctly. Any help
> > would be appriciated.

> So what happens? Does the request get to Rails? Have you used Firebug
> to debug what happens inside the behaviour (e.g. what does options
> look like when you make the request)?

> --
> Jarkko Lainehttp://jlaine.nethttp://dotherightthing.comhttp://www.railsecommerce....

> Jarkko is correct, I am trying to create both an accessible link (when
> Javascript is disabled) and an AJAX request when java is enabled.

> After reading your post, I just thought to check my log to see if it
> showed anything. It does route but shows an
> ActionController::InvalidAuthenticityToken during a call to
> request_forgery_protection.

> > Jarkko is correct, I am trying to create both an accessible link (when
> > Javascript is disabled) and an AJAX request when java is enabled.

> > After reading your post, I just thought to check my log to see if it
> > showed anything. It does route but shows an
> > ActionController::InvalidAuthenticityToken during a call to
> > request_forgery_protection.

> This is the new csrf killer in action :-)

> You must pass the authenticity token to the link somehow (seehttp://edgedocs.planetargon.org/classes/ActionController/RequestForge...)
> . You could for example set a header for it in the controller and then
> set the form parameter in your behaviour according to that header.

> Seehttp://edgedocs.planetargon.org/classes/ActionView/Helpers/UrlHelper....
>   (click "Source") for how the Rails JS helpers populate the token in
> link_to_remote.

> --
> Jarkko Lainehttp://jlaine.nethttp://dotherightthing.comhttp://www.railsecommerce....

> I have added the following that now works, except for the reload which
> does not appear to be working as I intended. For completeness, I have
> included my updated delete method.

> var AJ =
> {
>  encode_authenticity_token:function( token )
>  {
>      return encodeURIComponent( $(token).value )

> > I have added the following that now works, except for the reload which
> > does not appear to be working as I intended. For completeness, I have
> > included my updated delete method.

> > var AJ =
> > {
> >  encode_authenticity_token:function( token )
> >  {
> >      return encodeURIComponent( $(token).value )

> Can't answer to your reload question off the top of my head, but you
> can replace $(token).value with $F(token) (seehttp://prototypejs.org/api/utility/dollar-f)

> >        document.body.select( 'input[ name = "authenticity_token" ]' )
> > [ 0 ] )

> This is also same as $$('input[name="authenticity_token']).first() (http://prototypejs.org/api/utility/dollar-dollar
> ). If you give the input field an id, it can be reduced to $
> ('authenticity_token').

> --
> Jarkko Lainehttp://jlaine.nethttp://dotherightthing.comhttp://www.railsecommerce....