Require portfolio id in upload-token

It's necessary for the authz decorator

atst/routes/__init__.py

@@ -9,7 +9,6 @@ from flask import (
     request,
     make_response,
     current_app as app,
-    jsonify,
 )
 
 from jinja2.exceptions import TemplateNotFound
@@ -44,15 +43,6 @@ def root():
     return render_template("login.html", redirect_url=redirect_url)
 
 
-@bp.route("/upload-token")
-@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
-def upload_token():
-    (token, object_name) = app.csp.files.get_token()
-    render_args = {"token": token, "objectName": object_name}
-
-    return jsonify(render_args)
-
-
 @bp.route("/help")
 @bp.route("/help/<path:doc>")
 def helpdocs(doc=None):

atst/routes/task_orders/new.py

@@ -1,4 +1,12 @@
-from flask import g, redirect, render_template, request as http_request, url_for
+from flask import (
+    g,
+    redirect,
+    render_template,
+    request as http_request,
+    url_for,
+    current_app as app,
+    jsonify,
+)
 
 from . import task_orders_bp
 from atst.domain.authz.decorator import user_can_access_decorator as user_can
@@ -64,6 +72,16 @@ def update_task_order(
         )
 
 
+@task_orders_bp.route("/task_orders/<portfolio_id>/upload-token")
+@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
+def upload_token(portfolio_id):
+    print(app.csp)
+    (token, object_name) = app.csp.files.get_token()
+    render_args = {"token": token, "objectName": object_name}
+
+    return jsonify(render_args)
+
+
 @task_orders_bp.route("/task_orders/<task_order_id>/edit")
 @user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form")
 def edit(task_order_id):