Require portfolio id in upload-token
It's necessary for the authz decorator
This commit is contained in:
parent
0566b525f6
commit
67a4bb602d
@ -9,7 +9,6 @@ from flask import (
|
||||
request,
|
||||
make_response,
|
||||
current_app as app,
|
||||
jsonify,
|
||||
)
|
||||
|
||||
from jinja2.exceptions import TemplateNotFound
|
||||
@ -44,15 +43,6 @@ def root():
|
||||
return render_template("login.html", redirect_url=redirect_url)
|
||||
|
||||
|
||||
@bp.route("/upload-token")
|
||||
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
|
||||
def upload_token():
|
||||
(token, object_name) = app.csp.files.get_token()
|
||||
render_args = {"token": token, "objectName": object_name}
|
||||
|
||||
return jsonify(render_args)
|
||||
|
||||
|
||||
@bp.route("/help")
|
||||
@bp.route("/help/<path:doc>")
|
||||
def helpdocs(doc=None):
|
||||
|
@ -1,4 +1,12 @@
|
||||
from flask import g, redirect, render_template, request as http_request, url_for
|
||||
from flask import (
|
||||
g,
|
||||
redirect,
|
||||
render_template,
|
||||
request as http_request,
|
||||
url_for,
|
||||
current_app as app,
|
||||
jsonify,
|
||||
)
|
||||
|
||||
from . import task_orders_bp
|
||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||
@ -64,6 +72,16 @@ def update_task_order(
|
||||
)
|
||||
|
||||
|
||||
@task_orders_bp.route("/task_orders/<portfolio_id>/upload-token")
|
||||
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
|
||||
def upload_token(portfolio_id):
|
||||
print(app.csp)
|
||||
(token, object_name) = app.csp.files.get_token()
|
||||
render_args = {"token": token, "objectName": object_name}
|
||||
|
||||
return jsonify(render_args)
|
||||
|
||||
|
||||
@task_orders_bp.route("/task_orders/<task_order_id>/edit")
|
||||
@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
|
||||
def edit(task_order_id):
|
||||
|
@ -34,6 +34,9 @@ export default {
|
||||
type: Boolean,
|
||||
default: true,
|
||||
},
|
||||
portfolioId: {
|
||||
type: String,
|
||||
},
|
||||
},
|
||||
|
||||
data: function() {
|
||||
@ -104,7 +107,9 @@ export default {
|
||||
this.sizeError = false
|
||||
},
|
||||
getUploader: async function() {
|
||||
return fetch('/upload-token', { credentials: 'include' })
|
||||
return fetch(`/task_orders/${this.portfolioId}/upload-token`, {
|
||||
credentials: 'include',
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(({ token, objectName }) => buildUploader(token, objectName))
|
||||
},
|
||||
|
@ -1,6 +1,6 @@
|
||||
{% from "components/icon.html" import Icon %}
|
||||
|
||||
{% macro UploadInput(field, show_label=False, watch=False, token="", object_name="") -%}
|
||||
{% macro UploadInput(field, portfolio_id, show_label=False, watch=False, token="", object_name="") -%}
|
||||
<uploadinput
|
||||
inline-template
|
||||
{% if not field.errors %}
|
||||
@ -9,6 +9,7 @@
|
||||
v-bind:initial-errors='true'
|
||||
{% endif %}
|
||||
v-bind:watch='{{ watch | string | lower }}'
|
||||
v-bind:portfolio-id="'{{ portfolio_id }}'"
|
||||
name='{{ field.name }}'
|
||||
:optional='false'
|
||||
>
|
||||
|
@ -14,8 +14,7 @@
|
||||
{% set next_button_text = "Next: Add TO Number" %}
|
||||
{% set step = "1" %}
|
||||
|
||||
|
||||
{% block to_builder_form_field %}
|
||||
{{ TOFormStepHeader('task_orders.form.supporting_docs_header' | translate, 'task_orders.form.supporting_docs_text' | translate) }}
|
||||
{{ UploadInput(form.pdf, watch=True, token=token, object_name=object_name) }}
|
||||
{{ UploadInput(form.pdf, portfolio.id, watch=True, token=token, object_name=object_name) }}
|
||||
{% endblock %}
|
||||
|
Loading…
x
Reference in New Issue
Block a user