Reword warning about not using GET for delete based on input from kd

[catagits/Catalyst-Manual.git] / lib / Catalyst / Manual / Tutorial / BasicCRUD.pod

=head1 NAME

Catalyst::Manual::Tutorial::BasicCRUD - Catalyst Tutorial - Part 4: Basic CRUD


=head1 OVERVIEW

This is B<Part 4 of 10> for the Catalyst tutorial.

L<Tutorial Overview|Catalyst::Manual::Tutorial>

=over 4

=item 1

L<Introduction|Catalyst::Manual::Tutorial::Intro>

=item 2

L<Catalyst Basics|Catalyst::Manual::Tutorial::CatalystBasics>

=item 3

L<More Catalyst Basics|Catalyst::Manual::Tutorial::MoreCatalystBasics>

=item 4

B<Basic CRUD>

=item 5

L<Authentication|Catalyst::Manual::Tutorial::Authentication>

=item 6

L<Authorization|Catalyst::Manual::Tutorial::Authorization>

=item 7

L<Debugging|Catalyst::Manual::Tutorial::Debugging>

=item 8

L<Testing|Catalyst::Manual::Tutorial::Testing>

=item 9

L<Advanced CRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>

=item 10

L<Appendices|Catalyst::Manual::Tutorial::Appendices>

=back


=head1 DESCRIPTION

This part of the tutorial builds on the fairly primitive application
created in Part 3 to add basic support for Create, Read, Update, and
Delete (CRUD) of C<Book> objects.  Note that the 'list' function in Part
2 already implements the Read portion of CRUD (although Read normally
refers to reading a single object; you could implement full read
functionality using the techniques introduced below).  This section will
focus on the Create and Delete aspects of CRUD.  More advanced
capabilities, including full Update functionality, will be addressed in
Part 9.

Although this part of the tutorial will show you how to build CRUD 
functionality yourself, another option is to use a "CRUD builder" type 
of tool to automate the process.  You get less control, but it's quick 
and easy.  For example, see 
L<CatalystX::ListFramework::Builder|CatalystX::ListFramework::Builder>,
L<CatalystX::CRUD|CatalystX::CRUD>, and 
L<CatalystX::CRUD::YUI|CatalystX::CRUD::YUI>.

You can checkout the source code for this example from the catalyst
subversion repository as per the instructions in
L<Catalyst::Manual::Tutorial::Intro|Catalyst::Manual::Tutorial::Intro>.


=head1 FORMLESS SUBMISSION

Our initial attempt at object creation will utilize the "URL 
arguments" feature of Catalyst (we will employ the more common form-
based submission in the sections that follow).


=head2 Include a Create Action in the Books Controller

Edit C<lib/MyApp/Controller/Books.pm> and enter the following method:

    =head2 url_create
    
    Create a book with the supplied title, rating, and author
    
    =cut
    
    sub url_create : Local {
        # In addition to self & context, get the title, rating, & 
        # author_id args from the URL.  Note that Catalyst automatically 
        # puts extra information after the "/<controller_name>/<action_name/" 
        # into @_
        my ($self, $c, $title, $rating, $author_id) = @_;
    
        # Call create() on the book model object. Pass the table 
        # columns/field values we want to set as hash values
        my $book = $c->model('DB::Books')->create({
                title  => $title,
                rating => $rating
            });
        
        # Add a record to the join table for this book, mapping to 
        # appropriate author
        $book->add_to_book_authors({author_id => $author_id});
        # Note: Above is a shortcut for this:
        # $book->create_related('book_authors', {author_id => $author_id});
        
        # Assign the Book object to the stash for display in the view
        $c->stash->{book} = $book;
    
        # This is a hack to disable XSUB processing in Data::Dumper
        # (it's used in the view).  This is a work-around for a bug in
        # the interaction of some versions or Perl, Data::Dumper & DBIC.
        # You won't need this if you aren't using Data::Dumper (or if
        # you are running DBIC 0.06001 or greater), but adding it doesn't 
        # hurt anything either.
        $Data::Dumper::Useperl = 1;
    
        # Set the TT template to use
        $c->stash->{template} = 'books/create_done.tt2';
    }

Notice that Catalyst takes "extra slash-separated information" from the
URL and passes it as arguments in C<@_>.  The C<url_create> action then
uses a simple call to the DBIC C<create> method to add the requested
information to the database (with a separate call to
C<add_to_book_authors> to update the join table).  As do virtually all
controller methods (at least the ones that directly handle user input),
it then sets the template that should handle this request.


=head2 Include a Template for the C<url_create> Action:

Edit C<root/src/books/create_done.tt2> and then enter:

    [% # Use the TT Dumper plugin to Data::Dumper variables to the browser   -%]
    [% # Not a good idea for production use, though. :-)  'Indent=1' is      -%]
    [% # optional, but prevents "massive indenting" of deeply nested objects -%]
    [% USE Dumper(Indent=1) -%]
    
    [% # Set the page title.  META can 'go back' and set values in templates -%]
    [% # that have been processed 'before' this template (here it's for      -%]
    [% # root/lib/site/html and root/lib/site/header).  Note that META on    -%]
    [% # simple strings (e.g., no variable interpolation).                   -%]
    [% META title = 'Book Created' %]
    
    [% # Output information about the record that was added.  First title.       -%]
    <p>Added book '[% book.title %]'
    
    [% # Output the last name of the first author.  This is complicated by an    -%]
    [% # issue in TT 2.15 where blessed hash objects are not handled right.      -%]
    [% # First, fetch 'book.authors' from the DB once.                           -%]
    [% authors = book.authors %]
    [% # Now use IF statements to test if 'authors.first' is "working". If so,   -%]
    [% # we use it.  Otherwise we use a hack that seems to keep TT 2.15 happy.   -%]
    by '[% authors.first.last_name IF authors.first; 
           authors.list.first.value.last_name IF ! authors.first %]'
    
    [% # Output the rating for the book that was added -%]
    with a rating of [% book.rating %].</p>
    
    [% # Provide a link back to the list page                                    -%]
    [% # 'uri_for()' builds a full URI; e.g., 'http://localhost:3000/books/list' -%]
    <p><a href="[% c.uri_for('/books/list') %]">Return to list</a></p>
    
    [% # Try out the TT Dumper (for development only!) -%]
    <pre>
    Dump of the 'book' variable:
    [% Dumper.dump(book) %]
    </pre>

The TT C<USE> directive allows access to a variety of plugin modules 
(TT plugins, that is, not Catalyst plugins) to add extra functionality 
to the base TT capabilities.  Here, the plugin allows 
L<Data::Dumper|Data::Dumper> "pretty printing" of objects and 
variables.  Other than that, the rest of the code should be familiar 
from the examples in Part 3.


=head2 Try the C<url_create> Feature

If the application is still running from before, use C<Ctrl-C> to kill
it. Then restart the server:

    $ DBIC_TRACE=1 script/myapp_server.pl

Note that new path for C</books/url_create> appears in the startup debug
output.

B<TIP>: You can use C<script/myapp_server.pl -r> to have the development
server auto-detect changed files and reload itself (if your browser acts
odd, you should also try throwing in a C<-k>).  If you make changes to
the TT templates only, you do not need to reload the development server
(only changes to "compiled code" such as Controller and Model C<.pm>
files require a reload).

Next, use your browser to enter the following URL:

    http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4

Your browser should display "Added book 'TCPIP_Illustrated_Vol-2' by 
'Stevens' with a rating of 5." along with a dump of the new book model 
object as it was returned by DBIC.  You should also see the following 
DBIC debug messages displayed in the development server log messages 
if you have DBIC_TRACE set:

    INSERT INTO books (rating, title) VALUES (?, ?): `5', `TCPIP_Illustrated_Vol-2'
    INSERT INTO book_authors (author_id, book_id) VALUES (?, ?): `4', `6'
    SELECT author.id, author.first_name, author.last_name 
        FROM book_authors me  JOIN authors author 
        ON ( author.id = me.author_id ) WHERE ( me.book_id = ? ): '6'

The C<INSERT> statements are obviously adding the book and linking it to
the existing record for Richard Stevens.  The C<SELECT> statement results
from DBIC automatically fetching the book for the C<Dumper.dump(book)>.

If you then click the "Return to list" link, you should find that 
there are now six books shown (if necessary, Shift+Reload or 
Ctrl+Reload your browser at the C</books/list> page).


=head1 CONVERT TO A CHAINED ACTION

Although the example above uses the same C<Local> action type for the 
method that we saw in the previous part of the tutorial, there is an 
alternate approach that allows us to be more specific while also 
paving the way for more advanced capabilities.  Change the method 
declaration for C<url_create> in C<lib/MyApp/Controller/Books.pm> you 
entered above to match the following:

    sub url_create :Chained('/') :PathPart('books/url_create') :Args(3) {

This converts the method to take advantage of the Chained 
action/dispatch type. Chaining let's you have a single URL 
automatically dispatch to several controller methods, each of which 
can have precise control over the number of arguments that it will 
receive.  A chain can essentially be thought of having three parts --
a beginning, a middle and an end.  The bullets below summarize the key 
points behind each of these parts of a chain:


=over 4


=item *

Beginning

=over 4

=item *

B<Use "C<:Chained('/')>" to start a chain>

=item *

Get arguments through C<CaptureArgs()>

=item *

Specify the path to match with C<PathPart()>

=back


=item *

Middle

=over 4

=item *

Link to previous part of the chain with C<:Chained('_name_')>

=item *

Get arguments through C<CaptureArgs()>

=item *

Specify the path to match with C<PathPart()>

=back


=item *

End

=over 4

=item *

Link to previous part of the chain with C<:Chained('_name_')>

=item *

B<Do NOT get arguments through "C<CaptureArgs()>," use "C<Args()>" instead to end a chain>

=item *

Specify the path to match with C<PathPart()>

=back


=back

In our C<url_create> method above, we have combined all 3 parts into a 
single method: C<:Chained('/')> to start the chain, 
C<:PathPart('books/url_create')> to specify the base URL to match, 
along with C<:Args(3)> to capture exactly 3 arguments and also end the 
chain.

As we will see shortly, a chain can consist of as many "links" as you 
wish, with each part capturing some arguments and doing some work 
along the way.  We will continue to use the Chained action type in this 
part of the tutorial and explore slightly more advanced capabilities 
with the base method and delete feature below.  But Chained dispatch 
is capable of far more.  For additional information, see 
L<Catalyst::Manual::Intro/Action types>, 
L<Catalyst::DispatchType::Chained|Catalyst::DispatchType::Chained>, 
and the 2006 advent calendar entry on the subject: 
L<http://www.catalystframework.org/calendar/2006/10>.


=head2 Try the Chained Action

If you look back at the development server startup logs from your 
initial version of the C<url_create> method (the one using the 
C<:Local> attribute), you will notice that it produced output similar
to the following:

    [debug] Loaded Path actions:
    .-------------------------------------+--------------------------------------.
    | Path                                | Private                              |
    +-------------------------------------+--------------------------------------+
    | /                                   | /default                             |
    | /                                   | /index                               |
    | /books                              | /books/index                         |
    | /books/list                         | /books/list                          |
    | /books/url_create                   | /books/url_create                    |
    '-------------------------------------+--------------------------------------'

Now start the development server with our basic chained method in 
place and the startup debug output should change to something along 
the lines of the following:

    [debug] Loaded Path actions:
    .-------------------------------------+--------------------------------------.
    | Path                                | Private                              |
    +-------------------------------------+--------------------------------------+
    | /                                   | /default                             |
    | /                                   | /index                               |
    | /books                              | /books/index                         |
    | /books/list                         | /books/list                          |
    '-------------------------------------+--------------------------------------'
    
    [debug] Loaded Chained actions:
    .-------------------------------------+--------------------------------------.
    | Path Spec                           | Private                              |
    +-------------------------------------+--------------------------------------+
    | /books/url_create/*/*/*             | /books/url_create                    |
    '-------------------------------------+--------------------------------------'

C<url_create> has disappeared form the "Loaded Path actions" section 
but it now shows up under the newly created "Loaded Chained actions" 
section.  And, the "/*/*/*" portion clearly shows our requirement for
three arguments.

As with our non-chained version of C<url_create>, use your browser to 
enter the following URL:

    http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4

You should see the same "Added book 'TCPIP_Illustrated_Vol-2' by 
'Stevens' with a rating of 5." along with a dump of the new book model 
object.  Click the "Return to list" link, you should find that there 
are now seven books shown (two copies of TCPIP_Illustrated_Vol-2).


=head2 Refactor to Use a "Base" Method to Start the Chains

Let's make a quick update to our initial Chained action to show a 
little more of the power of chaining.  First, open 
C<lib/MyApp/Controller/Books.pm> in your editor and add the following
method:

    =head2 base
    
    Can place common logic to start chained dispatch here
    
    =cut
    
    sub base :Chained('/') :PathPart('books') :CaptureArgs(0) {
        my ($self, $c) = @_;
        
        # Store the resultset in stash so it's available for other methods
        $c->stash->{resultset} = $c->model('DB::Books');
    
        # Print a message to the debug log
        $c->log->debug('*** INSIDE BASE METHOD ***');
    }

Here we print a log message and store the DBIC resultset in 
C<$c-E<gt>stash-E<gt>{resultset}> so that it's automatically available 
for other actions that chain off C<base>.  If your controller always 
needs a book ID as it's first argument, you could have the base method 
capture that argument (with C<:CaptureArgs(1)>) and use it to pull the 
book object with C<-E<gt>find($id)> and leave it in the stash for 
later parts of your chains to then act upon. Because we have several 
actions that don't need to retrieve a book (such as the C<url_create>
we are working with now), we will instead add that functionality
to a common C<object> action shortly.

As for C<url_create>, let's modify it to first dispatch to C<base>. 
Open up C<lib/MyApp/Controller/Books.pm> and edit the declaration for 
C<url_create> to match the following:

    sub url_create :Chained('base') :PathPart('url_create') :Args(3) {

Next, try out the refactored chain by restarting the development 
server.  Notice that our "Loaded Chained actions" section has changed 
slightly:
    
    [debug] Loaded Chained actions:
    .-------------------------------------+--------------------------------------.
    | Path Spec                           | Private                              |
    +-------------------------------------+--------------------------------------+
    | /books/url_create/*/*/*             | /books/base (0)                      |
    |                                     | => /books/url_create                 |
    '-------------------------------------+--------------------------------------'

The "Path Spec" is the same, but now it maps to two Private actions as 
we would expect.

Once again, enter the following URL into your browser:

    http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4

The same "Added book 'TCPIP_Illustrated_Vol-2' by 'Stevens' with a 
rating of 5" message and dump of the new book object should appear. 
Also notice the extra debug message in the development server output 
from the C<base> method.  Click the "Return to list" link, you should 
find that there are now eight books shown. 


=head1 MANUALLY BUILDING A CREATE FORM

Although the C<url_create> action in the previous step does begin to
reveal the power and flexibility of both Catalyst and DBIC, it's
obviously not a very realistic example of how users should be expected
to enter data.  This section begins to address that concern.


=head2 Add Method to Display The Form

Edit C<lib/MyApp/Controller/Books.pm> and add the following method:

    =head2 form_create
    
    Display form to collect information for book to create
    
    =cut
    
    sub form_create :Chained('base') :PathPart('form_create') :Args(0) {
        my ($self, $c) = @_;
    
        # Set the TT template to use
        $c->stash->{template} = 'books/form_create.tt2';
    }

This action simply invokes a view containing a book creation form.


=head2 Add a Template for the Form

Open C<root/src/books/form_create.tt2> in your editor and enter:

    [% META title = 'Manual Form Book Create' -%]
    
    <form method="post" action="[% c.uri_for('form_create_do') %]">
    <table>
      <tr><td>Title:</td><td><input type="text" name="title"></td></tr>
      <tr><td>Rating:</td><td><input type="text" name="rating"></td></tr>
      <tr><td>Author ID:</td><td><input type="text" name="author_id"></td></tr>
    </table>
    <input type="submit" name="Submit" value="Submit">
    </form>

Note that we have specified the target of the form data as
C<form_create_do>, the method created in the section that follows.


=head2 Add a Method to Process Form Values and Update Database

Edit C<lib/MyApp/Controller/Books.pm> and add the following method to
save the form information to the database:

    =head2 form_create_do
    
    Take information from form and add to database
    
    =cut
    
    sub form_create_do :Chained('base') :PathPart('form_create_do') :Args(0) {
        my ($self, $c) = @_;
    
        # Retrieve the values from the form
        my $title     = $c->request->params->{title}     || 'N/A';
        my $rating    = $c->request->params->{rating}    || 'N/A';
        my $author_id = $c->request->params->{author_id} || '1';
    
        # Create the book
        my $book = $c->model('DB::Books')->create({
                title   => $title,
                rating  => $rating,
            });
        # Handle relationship with author
        $book->add_to_book_authors({author_id => $author_id});
    
        # Store new model object in stash
        $c->stash->{book} = $book;
    
        # Avoid Data::Dumper issue mentioned earlier
        # You can probably omit this    
        $Data::Dumper::Useperl = 1;
    
        # Set the TT template to use
        $c->stash->{template} = 'books/create_done.tt2';
    }


=head2 Test Out The Form

If the application is still running from before, use C<Ctrl-C> to kill
it.  Then restart the server:

    $ script/myapp_server.pl

Notice that the server startup log reflects the two new chained 
methods that we added:

    [debug] Loaded Chained actions:
    .-------------------------------------+--------------------------------------.
    | Path Spec                           | Private                              |
    +-------------------------------------+--------------------------------------+
    | /books/form_create                  | /books/base (0)                      |
    |                                     | => /books/form_create                |
    | /books/form_create_do               | /books/base (0)                      |
    |                                     | => /books/form_create_do             |
    | /books/url_create/*/*/*             | /books/base (0)                      |
    |                                     | => /books/url_create                 |
    '-------------------------------------+--------------------------------------'

Point your browser to L<http://localhost:3000/books/form_create> and
enter "TCP/IP Illustrated, Vol 3" for the title, a rating of 5, and an
author ID of 4.  You should then see the output of the same
C<create_done.tt2> template seen in earlier examples.  Finally, click
"Return to list" to view the full list of books.

B<Note:> Having the user enter the primary key ID for the author is
obviously crude; we will address this concern with a drop-down list in
Part 9.


=head1 A SIMPLE DELETE FEATURE

Turning our attention to the delete portion of CRUD, this section
illustrates some basic techniques that can be used to remove information
from the database.


=head2 Include a Delete Link in the List

Edit C<root/src/books/list.tt2> and update it to the following (two
sections have changed: 1) the additional '<th>Links</th>' table header,
and 2) the four lines for the Delete link near the bottom).

    [% # This is a TT comment.  The '-' at the end "chomps" the newline.  You won't -%]
    [% # see this "chomping" in your browser because HTML ignores blank lines, but  -%]
    [% # it WILL eliminate a blank line if you view the HTML source.  It's purely   -%]
    [%- # optional, but both the beginning and the ending TT tags support chomping. -%]
    
    [% # Provide a title to root/lib/site/header -%]
    [% META title = 'Book List' -%]
    
    <table>
    <tr><th>Title</th><th>Rating</th><th>Author(s)</th><th>Links</th></tr>
    [% # Display each book in a table row %]
    [% FOREACH book IN books -%]
      <tr>
        <td>[% book.title %]</td>
        <td>[% book.rating %]</td>
        <td>
          [% # First initialize a TT variable to hold a list.  Then use a TT FOREACH -%]
          [% # loop in 'side effect notation' to load just the last names of the     -%]
          [% # authors into the list.  Note that the 'push' TT vmethod does not      -%]
          [% # a value, so nothing will be printed here.  But, if you have something -%]
          [% # in TT that does return a method and you don't want it printed, you    -%]
          [% # can: 1) assign it to a bogus value, or 2) use the CALL keyword to     -%]
          [% # call it and discard the return value.                                 -%]
          [% tt_authors = [ ];
             tt_authors.push(author.last_name) FOREACH author = book.authors %]
          [% # Now use a TT 'virtual method' to display the author count in parens   -%]
          ([% tt_authors.size %])
          [% # Use another TT vmethod to join & print the names & comma separators   -%]
          [% tt_authors.join(', ') %]
        </td>
        <td>
          [% # Add a link to delete a book %]
          <a href="[% c.uri_for(c.controller.action_for('delete'), [book.id]) %]">Delete</a>
        </td>
      </tr>
    [% END -%]
    </table>

The additional code is obviously designed to add a new column to the 
right side of the table with a C<Delete> "button" (for simplicity, 
links will be used instead of full HTML buttons).

Also notice that we are using a more advanced form of C<uri_for> than 
we have seen before.  Here we use C<$c-E<gt>controller-
E<gt>action_for> to automatically generate a URI appropriate for that 
action based on the method we want to link to while inserting the 
C<book.id> value into the appropriate place.  Now, if you ever change 
C<:PathPart('delete')> in your controller method to 
C<:PathPart('kill')>, then your links will automatically update 
without any changes to your .tt2 template file.  As long as the name 
of your method does not changed ("delete" here), then your links will 
still be correct.  There are a few shortcuts and options when using
C<action_for()>:

=over 4

=item *

If you are referring to a method in the current controller, you can
use C<$self-E<gt>action_for('_method_name_')>.

=item *

If you are referring to a method in a different controller, you need
to include that controller's name as an argument to C<controller()>, as in
C<$c-E<gt>controller('_controller_name_')-E<gt>action_for('_method_name_')>.

=back

B<Note:> In practice you should B<never> use a GET request to delete a 
record -- always use POST for actions that will modify data.  We are 
doing it here for illustrative and simplicity purposes only.


=head2 Add a Common Method to Retrieve a Book for the Chain

As mentioned earlier, since we have a mixture of actions that operate 
on a single book ID and others that do no, we should not have C<base> 
capture the book ID, find the corresponding book in the database and 
save it in the stash for later links in the chain.  However, just 
because that logic does not belong in C<base> doesn't mean that we 
can't create another location to centralize the book lookup code.  In 
our case, we will create a method called C<object> that will store the 
specific book in the stash.  Chains that always operate on a single 
existing book can chain off this method, but methods such as 
C<url_create> that don't operate on an existing book can chain 
directly off base.

To add the C<object> method, edit C<lib/MyApp/Controller/Books.pm>
and add the following code:

    =head2 object
    
    Fetch the specified book object based on the book ID and store
    it in the stash
    
    =cut
    
    sub object :Chained('base') :PathPart('id') :CaptureArgs(1) {
        # $id = primary key of book to delete
        my ($self, $c, $id) = @_;
        
        # Find the book object and store it in the stash
        $c->stash(object => $c->stash->{resultset}->find($id));
        
        # Make sure the lookup was successful.  You would probably
        # want to do something like this in a real app:
        #   $c->detach('/error_404') if !$c->stash->{object};
        die "Book $id not found!" if !$c->stash->{object};
    }

Now, any other method that chains off C<object> will automatically
have the appropriate book waiting for it in 
C<$c-E<gt>stash-Egt>{object}>.

Also note that we are using different technique for setting
C<$c-E<gt>stash>.  The advantage of this style is that it let's you
set multiple stash variables at a time.  For example:

    $c->stash(object => $c->stash->{resultset}->find($id),
              another_thing => 1);

or as a hashref:

    $c->stash({object => $c->stash->{resultset}->find($id),
              another_thing => 1});

Either format works, but the C<$c-E<gt>stash(name =E<gt> value);>
style is growing in popularity -- you may which to use it all
the time (even when you are only setting a single value).


=head2 Add a Delete Action to the Controller

Open C<lib/MyApp/Controller/Books.pm> in your editor and add the
following method:

    =head2 delete
    
    Delete a book
        
    =cut
    
    sub delete :Chained('object') :PathPart('delete') :Args(0) {
        my ($self, $c) = @_;
    
        # Use the book object saved by 'object' and delete it along
        # with related 'book_authors' entries
        $c->stash->{object}->delete;
    
        # Set a status message to be displayed at the top of the view
        $c->stash->{status_msg} = "Book deleted.";
    
        # Forward to the list action/method in this controller
        $c->forward('list');
    }

This method first deletes the book object saved by the C<object> method. 
However, it also removes the corresponding entry from the 
C<book_authors> table with a cascading delete.

Then, rather than forwarding to a "delete done" page as we did with the
earlier create example, it simply sets the C<status_msg> to display a
notification to the user as the normal list view is rendered.

The C<delete> action uses the context C<forward> method to return the
user to the book list.  The C<detach> method could have also been used.
Whereas C<forward> I<returns> to the original action once it is
completed, C<detach> does I<not> return.  Other than that, the two are
equivalent.


=head2 Try the Delete Feature

If the application is still running from before, use C<Ctrl-C> to kill
it.  Then restart the server:

    $ DBIC_TRACE=1 script/myapp_server.pl

The C<delete> method now appears in the "Loaded Chained actions" section
of the startup debug output:

    [debug] Loaded Chained actions:
    .-------------------------------------+--------------------------------------.
    | Path Spec                           | Private                              |
    +-------------------------------------+--------------------------------------+
    | /books/id/*/delete                  | /books/base (0)                      |
    |                                     | -> /books/object (1)                 |
    |                                     | => /books/delete                     |
    | /books/form_create                  | /books/base (0)                      |
    |                                     | => /books/form_create                |
    | /books/form_create_do               | /books/base (0)                      |
    |                                     | => /books/form_create_do             |
    | /books/url_create/*/*/*             | /books/base (0)                      |
    |                                     | => /books/url_create                 |
    '-------------------------------------+--------------------------------------'

Then point your browser to L<http://localhost:3000/books/list> and click
the "Delete" link next to the first "TCPIP_Illustrated_Vol-2".  A green 
"Book deleted" status message should display at the top of the page, 
along with a list of the eight remaining books.  You will also see the
cascading delete operation via the DBIC_TRACE output:

    DELETE FROM books WHERE ( id = ? ): '6'
    SELECT me.book_id, me.author_id FROM book_authors me WHERE ( me.book_id = ? ): '6'
    DELETE FROM book_authors WHERE ( author_id = ? AND book_id = ? ): '4', '6'


=head2 Fixing a Dangerous URL

Note the URL in your browser once you have performed the deletion in the 
prior step -- it is still referencing the delete action:

    http://localhost:3000/books/delete/6

What if the user were to press reload with this URL still active?  In 
this case the redundant delete is harmless (although it does generate 
an exception screen, it doesn't perform any undesirable actions on the 
application or database), but in other cases this could clearly be 
extremely dangerous.

We can improve the logic by converting to a redirect.  Unlike
C<$c-E<gt>forward('list'))> or C<$c-E<gt>detach('list'))> that perform
a server-side alteration in the flow of processing, a redirect is a
client-side mechanism that causes the browser to issue an entirely
new request.  As a result, the URL in the browser is updated to match
the destination of the redirection URL.

To convert the forward used in the previous section to a redirect,
open C<lib/MyApp/Controller/Books.pm> and edit the existing 
C<sub delete> method to match:

    =head2 delete
    
    Delete a book
    
    =cut
    
    sub delete :Chained('object') :PathPart('delete') :Args(0) {
        my ($self, $c) = @_;
    
        # Use the book object saved by 'object' and delete it along
        # with related 'book_authors' entries
        $c->stash->{object}->delete;
    
        # Set a status message to be displayed at the top of the view
        $c->stash->{status_msg} = "Book deleted.";
    
        # Redirect the user back to the list page.  Note the use
        # of $self->action_for as earlier in this section (BasicCRUD)
        $c->response->redirect($c->uri_for($self->action_for('list')));
    }


=head2 Try the Delete and Redirect Logic

Restart the development server and point your browser to 
L<http://localhost:3000/books/list> (don't just hit "Refresh" in your 
browser since we left the URL in an invalid state in the previous 
section!) and delete the first copy of the remaining two 
"TCPIP_Illustrated_Vol-2" books.  The URL in your browser should return 
to the L<http://localhost:3000/books/list> URL, so that is an 
improvement, but notice that I<no green "Book deleted" status message is 
displayed>.  Because the stash is reset on every request (and a redirect 
involves a second request), the C<status_msg> is cleared before it can 
be displayed.


=head2 Using C<uri_for> to Pass Query Parameters

There are several ways to pass information across a redirect. One 
option is to use the C<flash> technique that we will see in Part 5 of 
the tutorial; however, here we will pass the information via query 
parameters on the redirect itself.  Open 
C<lib/MyApp/Controller/Books.pm> and update the existing C<sub delete> 
method to match the following:

    =head2 delete 
    
    Delete a book
        
    =cut
    
    sub delete :Chained('object') :PathPart('delete') :Args(0) {
        my ($self, $c) = @_;
    
        # Use the book object saved by 'object' and delete it along
        # with related 'book_authors' entries
        $c->stash->{object}->delete;
    
        # Redirect the user back to the list page with status msg as an arg
        $c->response->redirect($c->uri_for($self->action_for('list'), 
            {status_msg => "Book deleted."}));
    }

This modification simply leverages the ability of C<uri_for> to include
an arbitrary number of name/value pairs in a hash reference.  Next, we 
need to update C<root/src/wrapper.tt2> to handle C<status_msg> as a 
query parameter:

    ...
    <div id="content">
        [%# Status and error messages %]
        <span class="message">[% status_msg || c.request.params.status_msg %]</span>
        <span class="error">[% error_msg %]</span>
        [%# This is where TT will stick all of your template's contents. -%]
        [% content %]
    </div><!-- end content -->
    ...

Although the sample above only shows the C<content> div, leave the 
rest of the file intact -- the only change we made to the C<wrapper.tt2>
was to add "C<|| c.request.params.status_msg>" to the 
C<E<lt>span class="message"E<gt>> line.


=head2 Try the Delete and Redirect With Query Param Logic

Restart the development server and point your browser to 
L<http://localhost:3000/books/list> (you should now be able to safely 
hit "refresh" in your browser).  Then delete the remaining copy of 
"TCPIP_Illustrated_Vol-2".  The green "Book deleted" status message 
should return.

B<NOTE:> Another popular method for maintaining server-side 
information across a redirect is to use the C<flash> technique we 
discuss in the next part of the tutorial, 
L<Authentication|Catalyst::Manual::Tutorial::Authentication>. While 
C<flash> is a "slicker" mechanism in that it's all handled by the 
server and doesn't "pollute" your URLs, B<it is important to note that 
C<flash> can lead to situations where the wrong information shows up 
in the wrong browser window if the user has multiple windows or 
browser tabs open.>  For example, Window A causes something to be 
placed in the stash, but before that window performs a redirect, 
Window B makes a request to the server and gets the status information 
that should really go to Window A.  For this reason, you may wish
to use the "query param" technique shown here in your applications.


=head1 AUTHOR

Kennedy Clark, C<hkclark@gmail.com>

Please report any errors, issues or suggestions to the author.  The
most recent version of the Catalyst Tutorial can be found at
L<http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Manual/5.70/trunk/lib/Catalyst/Manual/Tutorial/>.

Copyright 2006-2008, Kennedy Clark, under Creative Commons License
(L<http://creativecommons.org/licenses/by-sa/3.0/us/>).