From 5bee8cdeebd0901e7bce6ccffcf8873fc40f9cf2 Mon Sep 17 00:00:00 2001
From: alexgit55 <121723219+alexgit55@users.noreply.github.com>
Date: Sun, 3 Aug 2025 10:46:28 -0400
Subject: [PATCH] Edited Publish and Remove Buttons to use POST requests

In the original code, the publish and remove buttons were still showing using regular buttons with <a> tags, despite the text suggesting the use of forms.  I wanted to update the code to use forms for the correct functionality and be in line with what the description was saying
---
 en/homework/README.md | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/en/homework/README.md b/en/homework/README.md
index 8a5c642..4d95885 100644
--- a/en/homework/README.md
+++ b/en/homework/README.md
@@ -83,12 +83,14 @@ into these:
     <div class="date">
         {{ post.published_date }}
     </div>
-
     {% else %}
     <aside class="actions">
-        <a class="btn btn-secondary" role="button" href="{% url 'post_publish' pk=post.pk %}">Publish</a>
+        <form method="post" action="{% url 'post_publish' pk=post.pk %}" style="display: inline;">
+            {% csrf_token %}
+            <button type="submit" class="btn btn-secondary">Publish</button>
+        </form>
     </aside>
-{% endif %}
+    {% endif %}
 ```
 
 As you noticed, we added {% raw %}`{% else %}`{% endraw %} line here. That means, that if the condition from {% raw %}`{% if post.published_date %}`{% endraw %} is not fulfilled (so if there is no `published_date`), then we want to do the lines with `<form ... </form>`. But wait -- why are we bothering with a form here? There are no fields to fill in. Why are we not creating the publish button using an `<a class="btn">` element like we did before?
@@ -112,7 +114,7 @@ def post_publish(request, pk):
     post = get_object_or_404(Post, pk=pk)
     if request.method=='POST':
         post.publish()
-    return redirect('post_detail', pk=pk)
+    return redirect('post_draft_list')
 ```
 
 Note that we check the request method before executing the operation -- although the pages we will emit will not include a direct link to the URL of this view, and so one could think this check is redundant, in practice this sort of "defensive programming" often pays off, preventing damage which could have been caused by bugs.
@@ -138,9 +140,13 @@ Congratulations! You are almost there. The last step is adding a delete button!
 Let's open `blog/templates/blog/post_detail.html` once again and add these lines:
 
 ```django
-<a class="btn btn-secondary" href="{% url 'post_remove' pk=post.pk %}">
-    {% include './icons/trash-fill.svg' %}
-</a>
+<form method="post" action="{% url 'post_remove' pk=post.pk %}" style="display: inline;">
+            {% csrf_token %}
+            <button type="submit" class="btn btn-secondary"
+                onclick="return confirm('Are you sure you want to delete this post?')">
+                {% include './icons/trash-fill.svg' %}
+            </button>
+        </form>
 ```
 
 just under a line with the edit button.