Add csrf token to remove ccpo user form

This commit is contained in:
leigh-mil 2019-08-08 14:33:10 -04:00
parent 0745539853
commit 7c65783d08
2 changed files with 8 additions and 4 deletions

View File

@ -26,7 +26,10 @@ def activity_history():
@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
def users():
users = Users.get_ccpo_users()
return render_template("ccpo/users.html", users=users)
data = {}
for user in users:
data[user] = CCPOUserForm(obj=user)
return render_template("ccpo/users.html", data=data)
@bp.route("/ccpo-users/new")

View File

@ -22,7 +22,7 @@
</tr>
</thead>
<tbody>
{% for user in users %}
{% for user, form in data.items() %}
{% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
{% set disable_button_class = 'button-danger-outline' %}
{% if user == g.current_user %}
@ -51,14 +51,14 @@
{% endif %}
{% if user_can(permissions.DELETE_CCPO_USER) %}
{% for user in users %}
{% for user, form in data.items() %}
{% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
{% set confirmation_text = 'remove' %}
{% call Modal(name=modal_id) %}
{{
Alert(
title=("components.modal.destructive_title" | translate),
message=("ccpo.disable_user.alert_message" | translate("user_name": user.full_name)),
message=("ccpo.disable_user.alert_message" | translate({"user_name": user.full_name})),
level="warning"
)
}}
@ -75,6 +75,7 @@
</div>
<div class="action-group">
<form method="POST" action="{{ url_for('ccpo.remove_ccpo_access', user_id=user.id)}}">
{{ form.csrf_token }}
<button class="usa-button button-danger" v-bind:disabled="!valid">
{{ 'ccpo.disable_user.remove_button' | translate }}
</button>