diff --git a/isso/comment.py b/isso/comment.py
index 5f535e7..35ae838 100644
--- a/isso/comment.py
+++ b/isso/comment.py
@@ -61,7 +61,7 @@ def get(app, environ, request, path, id=None):
def modify(app, environ, request, path, id):
try:
- rv = app.unsign(request.cookies.get('session-%s-%s' % (urllib.unquote(path), id), ''))
+ rv = app.unsign(request.cookies.get('session-%s-%s' % (urllib.quote(path, ''), id), ''))
except (SignatureExpired, BadSignature):
return abort(403)
diff --git a/isso/static/post.html b/isso/static/post.html
index a417317..5a8e6bd 100644
--- a/isso/static/post.html
+++ b/isso/static/post.html
@@ -162,9 +162,24 @@
'');
if (read('session-' + encodeURIComponent(window.location.pathname) + '-' + post['id'])) {
- var node = $('#isso_' + post['id'] + '> footer > a:first-child')
- .after('Bearbeiten');
-
+ $('#isso_' + post['id'] + '> footer > a:first-child')
+ .after('Löschen')
+ .after('Bearbeiten');
+
+ $('#isso_' + post['id'] + ' > footer .delete').on('click', function(event) {
+ $.ajax({
+ url: '/comment/' + encodeURIComponent(window.location.pathname) + '/' + post['id'],
+ method: 'DELETE',
+ error: function(resp) {
+ alert('Mööp!');
+ },
+ success: function(res) {
+ // XXX comment might not actually deleted
+ $('#isso_' + post['id']).remove();
+ },
+ });
+ event.stop();
+ });
}
// ability to answer directly to a comment