Add csrf token to remove ccpo user form

2019-08-08 14:33:10 -04:00
parent 0745539853
commit 7c65783d08
2 changed files with 8 additions and 4 deletions
--- a/templates/ccpo/users.html
+++ b/templates/ccpo/users.html
@@ -22,7 +22,7 @@
        </tr>
      </thead>
      <tbody>
-        {% for user in users %}
+        {% for user, form in data.items() %}
          {% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
          {% set disable_button_class = 'button-danger-outline' %}
          {% if user == g.current_user %}
@@ -51,14 +51,14 @@
  {% endif %}

  {% if user_can(permissions.DELETE_CCPO_USER) %}
-    {% for user in users %}
+    {% for user, form in data.items() %}
      {% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
      {% set confirmation_text = 'remove' %}
      {% call Modal(name=modal_id) %}
        {{
          Alert(
            title=("components.modal.destructive_title" | translate),
-            message=("ccpo.disable_user.alert_message" | translate("user_name": user.full_name)),
+            message=("ccpo.disable_user.alert_message" | translate({"user_name": user.full_name})),
            level="warning"
          )
        }}
@@ -75,6 +75,7 @@
            </div>
            <div class="action-group">
              <form method="POST" action="{{ url_for('ccpo.remove_ccpo_access', user_id=user.id)}}">
+                {{ form.csrf_token }}
                <button class="usa-button button-danger" v-bind:disabled="!valid">
                  {{ 'ccpo.disable_user.remove_button' | translate }}
                </button>