From 7c65783d081af7aa00e2d4c427d8301600c5e915 Mon Sep 17 00:00:00 2001 From: leigh-mil Date: Thu, 8 Aug 2019 14:33:10 -0400 Subject: [PATCH] Add csrf token to remove ccpo user form --- atst/routes/ccpo.py | 5 ++++- templates/ccpo/users.html | 7 ++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/atst/routes/ccpo.py b/atst/routes/ccpo.py index 5f799e22..384a6b50 100644 --- a/atst/routes/ccpo.py +++ b/atst/routes/ccpo.py @@ -26,7 +26,10 @@ def activity_history(): @user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users") def users(): users = Users.get_ccpo_users() - return render_template("ccpo/users.html", users=users) + data = {} + for user in users: + data[user] = CCPOUserForm(obj=user) + return render_template("ccpo/users.html", data=data) @bp.route("/ccpo-users/new") diff --git a/templates/ccpo/users.html b/templates/ccpo/users.html index 13e4db0b..086219e3 100644 --- a/templates/ccpo/users.html +++ b/templates/ccpo/users.html @@ -22,7 +22,7 @@ - {% for user in users %} + {% for user, form in data.items() %} {% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %} {% set disable_button_class = 'button-danger-outline' %} {% if user == g.current_user %} @@ -51,14 +51,14 @@ {% endif %} {% if user_can(permissions.DELETE_CCPO_USER) %} - {% for user in users %} + {% for user, form in data.items() %} {% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %} {% set confirmation_text = 'remove' %} {% call Modal(name=modal_id) %} {{ Alert( title=("components.modal.destructive_title" | translate), - message=("ccpo.disable_user.alert_message" | translate("user_name": user.full_name)), + message=("ccpo.disable_user.alert_message" | translate({"user_name": user.full_name})), level="warning" ) }} @@ -75,6 +75,7 @@
+ {{ form.csrf_token }}