Require portfolio id in upload-token

It's necessary for the authz decorator
richard-dds 2019-08-28 11:59:11 -04:00
parent 0566b525f6
commit 67a4bb602d
5 changed files with 28 additions and 15 deletions


@ -9,7 +9,6 @@ from flask import (
request,
make_response,
current_app as app,
jsonify,
)
from jinja2.exceptions import TemplateNotFound
@ -44,15 +43,6 @@ def root():
return render_template("login.html", redirect_url=redirect_url)
@bp.route("/upload-token")
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
def upload_token():
(token, object_name) = app.csp.files.get_token()
render_args = {"token": token, "objectName": object_name}
return jsonify(render_args)
@bp.route("/help")
@bp.route("/help/<path:doc>")
def helpdocs(doc=None):


@ -1,4 +1,12 @@
from flask import g, redirect, render_template, request as http_request, url_for
from flask import (
g,
redirect,
render_template,
request as http_request,
url_for,
current_app as app,
jsonify,
)
from . import task_orders_bp
from atst.domain.authz.decorator import user_can_access_decorator as user_can
@ -64,6 +72,16 @@ def update_task_order(
)
@task_orders_bp.route("/task_orders/<portfolio_id>/upload-token")
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
def upload_token(portfolio_id):
print(app.csp)
(token, object_name) = app.csp.files.get_token()
render_args = {"token": token, "objectName": object_name}
return jsonify(render_args)
@task_orders_bp.route("/task_orders/<task_order_id>/edit")
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
def edit(task_order_id):
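Review bot: The `print(app.csp)` call at the top of the new `upload_token(portfolio_id)` view looks like leftover debugging and should be removed before merge. It writes the cloud-provider object's repr to stdout on every token request, and depending on how that class renders itself this could put provider configuration into the application logs. If a trace is wanted, `app.logger.debug("issuing upload token for portfolio %s", portfolio_id)` is the safer form. Separately, `portfolio_id` is consumed only by the `user_can` decorator, and `get_token()` takes no argument, so as far as this hunk shows the issued token is not tied to the portfolio that was authorized; worth confirming that is intended.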


@ -34,6 +34,9 @@ export default {
type: Boolean,
default: true,
},
portfolioId: {
type: String,
},
},
data: function() {
@ -104,7 +107,9 @@ export default {
this.sizeError = false
},
getUploader: async function() {
return fetch('/upload-token', { credentials: 'include' })
return fetch(`/task_orders/${this.portfolioId}/upload-token`, {
credentials: 'include',
})
.then(response => response.json())
.then(({ token, objectName }) => buildUploader(token, objectName))
},
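Review bot: The new `portfolioId` prop is declared without `required: true`, so a parent that omits it makes `getUploader` request `/task_orders/undefined/upload-token`. The server-side permission check will most likely reject that request, and the unchanged `.then(response => response.json())` chain then treats the error body as a token payload. Declaring the prop as `portfolioId: { type: String, required: true },` surfaces the mistake in development, and `encodeURIComponent(this.portfolioId)` keeps the value a single path segment. A `response.ok` check before `response.json()` would also stop a 403/404 body from reaching `buildUploader`. The component definition starts and ends outside these hunks.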


@ -1,6 +1,6 @@
{% from "components/icon.html" import Icon %}
{% macro UploadInput(field, show_label=False, watch=False, token="", object_name="") -%}
{% macro UploadInput(field, portfolio_id, show_label=False, watch=False, token="", object_name="") -%}
<uploadinput
inline-template
{% if not field.errors %}
@ -9,6 +9,7 @@
v-bind:initial-errors='true'
{% endif %}
v-bind:watch='{{ watch | string | lower }}'
v-bind:portfolio-id="'{{ portfolio_id }}'"
name='{{ field.name }}'
:optional='false'
>
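Review bot: `v-bind:portfolio-id="'{{ portfolio_id }}'"` places the rendered value inside a JavaScript string literal that Vue evaluates. HTML autoescaping does not protect that context, because the browser decodes entities before Vue parses the expression. The id is presumably a server-generated identifier, so the exposure is small today, but a plain static attribute, `portfolio-id="{{ portfolio_id }}"`, passes the same string prop with no expression to break out of. Also, `portfolio_id` was added as the second positional parameter of `UploadInput`, so any caller not shown in this commit that passes `show_label` positionally would now bind it to `portfolio_id`.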


@ -14,8 +14,7 @@
{% set next_button_text = "Next: Add TO Number" %}
{% set step = "1" %}
{% block to_builder_form_field %}
{{ TOFormStepHeader('task_orders.form.supporting_docs_header' | translate, 'task_orders.form.supporting_docs_text' | translate) }}
{{ UploadInput(form.pdf, watch=True, token=token, object_name=object_name) }}
{{ UploadInput(form.pdf, portfolio.id, watch=True, token=token, object_name=object_name) }}
{% endblock %}