1 files changed, 34 insertions, 4 deletions

diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index a43ebaa12..851245201 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -182,13 +182,13 @@ class NewFindBasketView(IshtarMixin, LoginRequiredMixin, CreateView):
         return HttpResponseRedirect(self.get_success_url())
 
 
-class SelectBasketForAdd(IshtarMixin, LoginRequiredMixin, FormView):
+class SelectBasketForManagement(IshtarMixin, LoginRequiredMixin, FormView):
     template_name = 'ishtar/form.html'
     form_class = SelectFindBasketForm
-    page_name = _(u"Add items to basket")
+    page_name = _(u"Manage items in basket")
 
     def get_form_kwargs(self):
-        kwargs = super(SelectBasketForAdd, self).get_form_kwargs()
+        kwargs = super(SelectBasketForManagement, self).get_form_kwargs()
         kwargs['user'] = IshtarUser.objects.get(pk=self.request.user.pk)
         if 'pk' in self.kwargs:
             kwargs['initial'].update({'basket': self.kwargs['pk']})
@@ -255,10 +255,40 @@ class FindBasketListView(IshtarMixin, LoginRequiredMixin, TemplateView):
             raise PermissionDenied
         context['basket'] = self.basket
         context['item_url'] = '/'.join(
-            reverse(models.Find.SHOW_URL, args=[1]).split('/')[:-2])
+            reverse(models.Find.SHOW_URL, args=[1]).split('/')[:-1])
+        context['delete_url'] = '/'.join(
+            reverse('delete_iteminbasket', args=[1, 1]).split('/')[:-3])
         return context
 
 
+class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView):
+    template_name = 'ishtar/simple_form.html'
+
+    def get_success_url(self, basket):
+        return reverse('list_iteminbasket', kwargs={'pk': basket.pk})
+
+    def get(self, *args, **kwargs):
+        user = self.request.user
+        ishtaruser = IshtarUser.objects.get(pk=self.request.user.pk)
+        try:
+            find = models.Find.objects.get(
+                pk=self.kwargs['find_pk'])
+        except models.Find.DoesNotExist:
+            raise PermissionDenied
+        try:
+            basket = models.FindBasket.objects.get(
+                pk=self.kwargs['basket'], user=ishtaruser)
+        except models.FindBasket.DoesNotExist:
+            raise PermissionDenied
+        if not user.is_superuser and \
+                not ishtaruser.has_right('change_find') and \
+                not (ishtaruser.has_right('change_own_find')
+                     and find.is_own(user)):
+            raise PermissionDenied
+        basket.items.remove(find)
+        return HttpResponseRedirect(self.get_success_url(basket))
+
+
 class DeleteFindBasketView(IshtarMixin, LoginRequiredMixin, FormView):
     template_name = 'ishtar/form_delete.html'
     form_class = DeleteFindBasketForm