Add csrf token to remove ccpo user form
This commit is contained in:
parent
0745539853
commit
7c65783d08
@ -26,7 +26,10 @@ def activity_history():
|
||||
@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
|
||||
def users():
|
||||
users = Users.get_ccpo_users()
|
||||
return render_template("ccpo/users.html", users=users)
|
||||
data = {}
|
||||
for user in users:
|
||||
data[user] = CCPOUserForm(obj=user)
|
||||
return render_template("ccpo/users.html", data=data)
|
||||
|
||||
|
||||
@bp.route("/ccpo-users/new")
|
||||
|
@ -22,7 +22,7 @@
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for user in users %}
|
||||
{% for user, form in data.items() %}
|
||||
{% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
|
||||
{% set disable_button_class = 'button-danger-outline' %}
|
||||
{% if user == g.current_user %}
|
||||
@ -51,14 +51,14 @@
|
||||
{% endif %}
|
||||
|
||||
{% if user_can(permissions.DELETE_CCPO_USER) %}
|
||||
{% for user in users %}
|
||||
{% for user, form in data.items() %}
|
||||
{% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
|
||||
{% set confirmation_text = 'remove' %}
|
||||
{% call Modal(name=modal_id) %}
|
||||
{{
|
||||
Alert(
|
||||
title=("components.modal.destructive_title" | translate),
|
||||
message=("ccpo.disable_user.alert_message" | translate("user_name": user.full_name)),
|
||||
message=("ccpo.disable_user.alert_message" | translate({"user_name": user.full_name})),
|
||||
level="warning"
|
||||
)
|
||||
}}
|
||||
@ -75,6 +75,7 @@
|
||||
</div>
|
||||
<div class="action-group">
|
||||
<form method="POST" action="{{ url_for('ccpo.remove_ccpo_access', user_id=user.id)}}">
|
||||
{{ form.csrf_token }}
|
||||
<button class="usa-button button-danger" v-bind:disabled="!valid">
|
||||
{{ 'ccpo.disable_user.remove_button' | translate }}
|
||||
</button>
|
||||
|
Loading…
x
Reference in New Issue
Block a user