Authorize user before validating form

Montana 2019-02-04 14:36:27 -05:00
parent d7eb8ab56f
commit d0243f32b1


@ -88,11 +88,11 @@ def ko_review(portfolio_id, task_order_id):
"/portfolios/<portfolio_id>/task_order/<task_order_id>/review", methods=["POST"] "/portfolios/<portfolio_id>/task_order/<task_order_id>/review", methods=["POST"]
) )
def submit_ko_review(portfolio_id, task_order_id, form=None): def submit_ko_review(portfolio_id, task_order_id, form=None):
Authorization.check_is_ko(g.current_user, task_order)
task_order = TaskOrders.get(g.current_user, task_order_id) task_order = TaskOrders.get(g.current_user, task_order_id)
form = KOReviewForm(http_request.form) form = KOReviewForm(http_request.form)
if form.validate(): if form.validate():
Authorization.check_is_ko(g.current_user, task_order)
TaskOrders.update(user=g.current_user, task_order=task_order, **form.data) TaskOrders.update(user=g.current_user, task_order=task_order, **form.data)
return redirect( return redirect(
url_for( url_for(
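Review bot: In `submit_ko_review`, the relocated `Authorization.check_is_ko(g.current_user, task_order)` sits directly under the `def` line, one line before `task_order = TaskOrders.get(g.current_user, task_order_id)` assigns that name; the page has lost its +/- markers, but if this is the new position, as the commit title suggests, the call raises `UnboundLocalError` on every POST. The route would fail closed, but no KO could submit a review and the authorization check itself would never run. Swap the two lines so the order is `task_order = TaskOrders.get(g.current_user, task_order_id)` followed by `Authorization.check_is_ko(g.current_user, task_order)`, still ahead of `KOReviewForm(http_request.form)`. A route test that posts as a non-KO user and expects the authorization failure rather than a 500 would pin this ordering. The function body continues past the end of the hunk.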