Symfony 2 - Delete Forms and CSRF Token

Question

I have a List of entries coming from a database. I would like to have a \"Delete-Button\" at the end of every row, so that the user won\'t have to first go to the edit/show page

Answer 1

I faced a similar situation where I wanted to delete a product while using csrf protection. I also wanted to use ajax to make the DELETE request.

Tested for Symfony 3.x

So, to do this, this is what my view, index.html, looked like:

// html for displaying a products table with delete btn for each row
// ...
// Retrieve csrf token and store it somewhere in DOM (preferably outside table), 
// We do this so that we can send the token via ajax later
 

As seen above, {{ csrf_token('form') }} is what is actually giving you the csrf token inside twig.

My Controller:

/**
 * Deletes a product entity.
 * @Route("/{id}", name="admin_product_delete")
 * @Method("DELETE")
 */
public function deleteAction(Request $request, product $product)
    {
        $form = $this->createDeleteForm($product);
        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            $em = $this->getDoctrine()->getManager();
            $em->remove($product);
            $em->flush($product);
            // you can return a json response here to your ajax callback if you'd like.
            return new JsonResponse(array('status' => 'deleted'));
        }
    // return new JsonResponse(array('status' => 'failed'));
}

/**
 * Creates a form to delete a product entity.
 * @param product $product The product entity
 * @return \Symfony\Component\Form\Form The form
 */
private function createDeleteForm(product $product)
{
    return $this->createFormBuilder()
        ->setAction($this->generateUrl('admin/product/{id}', array('id' => $product->getId())))
        ->setMethod('DELETE')
        ->getForm()
    ;
}

And this should delete the required row as expected!