push authorization check for request approval into the requests domain
This commit is contained in:
@@ -11,7 +11,6 @@ from flask import current_app as app
|
||||
from . import requests_bp
|
||||
from atst.domain.requests import Requests
|
||||
from atst.domain.exceptions import NotFoundError
|
||||
from atst.domain.authz import Authorization
|
||||
from atst.forms.ccpo_review import CCPOReviewForm
|
||||
|
||||
|
||||
@@ -46,16 +45,14 @@ def render_approval(request, form=None):
|
||||
|
||||
@requests_bp.route("/requests/approval/<string:request_id>", methods=["GET"])
|
||||
def approval(request_id):
|
||||
request = Requests.get(g.current_user, request_id)
|
||||
Authorization.check_can_approve_request(g.current_user)
|
||||
request = Requests.get_for_approval(g.current_user, request_id)
|
||||
|
||||
return render_approval(request)
|
||||
|
||||
|
||||
@requests_bp.route("/requests/submit_approval/<string:request_id>", methods=["POST"])
|
||||
def submit_approval(request_id):
|
||||
request = Requests.get(g.current_user, request_id)
|
||||
Authorization.check_can_approve_request(g.current_user)
|
||||
request = Requests.get_for_approval(g.current_user, request_id)
|
||||
|
||||
form = CCPOReviewForm(http_request.form)
|
||||
if form.validate():
|
||||
|
Reference in New Issue
Block a user