pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add permission check to upload_token route

Browse Source
This commit is contained in:
richard-dds 2019-08-26 10:26:26 -04:00
parent c324cde3b3
commit 0e593a77f1
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
atst/routes/__init__.py
View File

@ -21,6 +21,8 @@ from atst.domain.users import Users
from atst.domain.authnid import AuthenticationContext
from atst.domain.auth import logout as _logout
from atst.utils.flash import formatted_flash as flash
from atst.models.permissions import Permissions
from atst.domain.authz.decorator import user_can_access_decorator as user_can
bp = Blueprint("atst", __name__)
@ -43,6 +45,7 @@ def root():
@bp.route("/upload-token")
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
def upload_token():
(token, object_name) = app.csp.files.get_token()
render_args = {"token": token, "objectName": object_name}