Add csrf token to remove ccpo user form

leigh-mil
2019-08-08 14:33:10 -04:00
parent 0745539853
commit 7c65783d08
2 changed files with 8 additions and 4 deletions


@@ -26,7 +26,10 @@ def activity_history():
@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users") @user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
def users(): def users():
users = Users.get_ccpo_users() users = Users.get_ccpo_users()
return render_template("ccpo/users.html", users=users) data = {}
for user in users:
data[user] = CCPOUserForm(obj=user)
return render_template("ccpo/users.html", data=data)
@bp.route("/ccpo-users/new") @bp.route("/ccpo-users/new")
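Review bot: The loop in `users()` builds one `CCPOUserForm(obj=user)` per CCPO user only so the template can reach `form.csrf_token`, and it keys the dict by user objects. If `CCPOUserForm` is a Flask-WTF form, the token is tied to the session rather than to a form instance, so a single unbound form would be enough: `form = CCPOUserForm()` followed by `return render_template("ccpo/users.html", users=users, form=form)`. That avoids copying each user record into form fields that are never rendered, and it avoids depending on the user model being hashable. The route decorator for `users()` sits above the hunk, so the full decorator stack is not visible here.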


@@ -22,7 +22,7 @@
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{% for user in users %} {% for user, form in data.items() %}
{% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %} {% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
{% set disable_button_class = 'button-danger-outline' %} {% set disable_button_class = 'button-danger-outline' %}
{% if user == g.current_user %} {% if user == g.current_user %}
@@ -51,14 +51,14 @@
{% endif %} {% endif %}
{% if user_can(permissions.DELETE_CCPO_USER) %} {% if user_can(permissions.DELETE_CCPO_USER) %}
{% for user in users %} {% for user, form in data.items() %}
{% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %} {% set modal_id = "disable_ccpo_user_{}".format(user.dod_id) %}
{% set confirmation_text = 'remove' %} {% set confirmation_text = 'remove' %}
{% call Modal(name=modal_id) %} {% call Modal(name=modal_id) %}
{{ {{
Alert( Alert(
title=("components.modal.destructive_title" | translate), title=("components.modal.destructive_title" | translate),
message=("ccpo.disable_user.alert_message" | translate("user_name": user.full_name)), message=("ccpo.disable_user.alert_message" | translate({"user_name": user.full_name})),
level="warning" level="warning"
) )
}} }}
@@ -75,6 +75,7 @@
</div> </div>
<div class="action-group"> <div class="action-group">
<form method="POST" action="{{ url_for('ccpo.remove_ccpo_access', user_id=user.id)}}"> <form method="POST" action="{{ url_for('ccpo.remove_ccpo_access', user_id=user.id)}}">
{{ form.csrf_token }}
<button class="usa-button button-danger" v-bind:disabled="!valid"> <button class="usa-button button-danger" v-bind:disabled="!valid">
{{ 'ccpo.disable_user.remove_button' | translate }} {{ 'ccpo.disable_user.remove_button' | translate }}
</button> </button>
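Review bot: Rendering `{{ form.csrf_token }}` inside the remove form protects the action only if the `ccpo.remove_ccpo_access` handler rejects a POST whose token is missing or invalid, and that handler is not part of this commit. Confirm that the view either runs under app-wide CSRF protection or validates the submitted form before it removes access, and add a test asserting that a POST without the token is refused. Because the field is rendered once per user modal, every copy presumably carries the same element id, so a per-user id may be needed to keep the markup valid.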