I'm creating a site using the Flask framework, and am implementing a confirmation page for (mainly administrative) actions; i.e. deleting a user.
My current method (detailed below) works, but feels quite clunky and seems like a huge amount of work for a simple task. Is there a more optimal solution to this?
Currently I have a route to initiate the action:
@admin.route('/user/<int:user_id>/delete', methods=['GET'])
@login_required
@admin_required
def del_user(user_id):user = User.query.get_or_404(user_id)desc = "delete"subject = user.usernameaction = 'admin.do_del_user'next = url_for('admin.get_user', user_id=user.id)return redirect(url_for('main._confirm', desc=desc, subject=subject, action=action, next=next, user_id=user.id))
Which redirects over to the confirm route:
@main.route('/confirm', methods=['GET', 'POST'])
def _confirm():form = Confirm()kwargs = {}for arg in request.args:if arg != 'action' or arg != 'desc' or arg != 'subject':kwargs[arg] = request.args[arg]action = request.args.get('action')desc = request.args.get('desc')subject = request.args.get('subject')if action is None:abort(404)if form.validate_on_submit():return redirect(url_for(action, confirm=form.confirm.data, **kwargs))return render_template('_confirm.html', form=form, desc=desc, subject=subject)
Which then redirects again to do the actual action after validating the confirmation form:
@admin.route('/user/<int:user_id>/do_delete', methods=['GET'])
@login_required
@admin_required
def do_del_user(user_id):confirm = request.args.get('confirm')next = request.args.get('next')if confirm:user = User.query.get_or_404(user_id)db.session.delete(user)db.session.commit()return redirect(next)
I hope that makes sense! Just to note, desc and subject are passed for the confirmation template, and the kwargs is just to catch anything url_for() needs in building the urls.