parent
0dc02ed67f
commit
889e130e6b
|
@ -3,14 +3,18 @@ from flask_user import *
|
||||||
import flask_menu as menu
|
import flask_menu as menu
|
||||||
from flask.ext import markdown
|
from flask.ext import markdown
|
||||||
from flask_github import GitHub
|
from flask_github import GitHub
|
||||||
|
from flask_wtf.csrf import CsrfProtect
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
app.config.from_pyfile(os.environ["FLASK_CONFIG"])
|
app.config.from_pyfile(os.environ["FLASK_CONFIG"])
|
||||||
|
|
||||||
menu.Menu(app=app)
|
menu.Menu(app=app)
|
||||||
markdown.Markdown(app, extensions=["fenced_code"], safe_mode=True, output_format="html5")
|
markdown.Markdown(app, extensions=["fenced_code"], safe_mode=True, output_format="html5")
|
||||||
github = GitHub(app)
|
github = GitHub(app)
|
||||||
|
csrf = CsrfProtect(app)
|
||||||
|
|
||||||
from . import models, tasks
|
from . import models, tasks
|
||||||
from .views import *
|
from .views import *
|
||||||
|
|
|
@ -29,9 +29,14 @@
|
||||||
</div>
|
</div>
|
||||||
{% elif package.checkPerm(current_user, "APPROVE_CHANGES") %}
|
{% elif package.checkPerm(current_user, "APPROVE_CHANGES") %}
|
||||||
<div class="box box_grey">
|
<div class="box box_grey">
|
||||||
To resolve this request, either
|
<form method="post" action="{{ request.getApproveURL() }}">
|
||||||
<a href="{{ request.getApproveURL() }}">Approve and Apply</a> or
|
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
|
||||||
<a href="{{ request.getRejectURL() }}">Reject</a> it.
|
<input type="submit" value="Approve and Apply" />
|
||||||
|
</form>
|
||||||
|
<form method="post" action="{{ request.getRejectURL() }}">
|
||||||
|
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
|
||||||
|
<input type="submit" value="Reject" />
|
||||||
|
</form>
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,10 @@
|
||||||
<span class="icon_message"></span>
|
<span class="icon_message"></span>
|
||||||
This package needs to be approved before it can be found.
|
This package needs to be approved before it can be found.
|
||||||
{% if package.checkPerm(current_user, "APPROVE_NEW") %}
|
{% if package.checkPerm(current_user, "APPROVE_NEW") %}
|
||||||
<a href="{{ package.getApproveURL() }}">Approve</a>
|
<form method="post" action="{{ package.getApproveURL() }}">
|
||||||
|
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
|
||||||
|
<input type="submit" value="Approve" />
|
||||||
|
</form>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<div style="clear: both;"></div>
|
<div style="clear: both;"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -172,7 +172,7 @@ def create_edit_package_page(author=None, name=None):
|
||||||
|
|
||||||
return render_template("packages/create_edit.html", package=package, form=form, author=author)
|
return render_template("packages/create_edit.html", package=package, form=form, author=author)
|
||||||
|
|
||||||
@app.route("/packages/<author>/<name>/approve/")
|
@app.route("/packages/<author>/<name>/approve/", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def approve_package_page(package):
|
def approve_package_page(package):
|
||||||
|
@ -314,7 +314,7 @@ def view_editrequest_page(package, id):
|
||||||
return render_template("packages/editrequest_view.html", package=package, request=erequest)
|
return render_template("packages/editrequest_view.html", package=package, request=erequest)
|
||||||
|
|
||||||
|
|
||||||
@app.route("/packages/<author>/<name>/requests/<id>/approve/")
|
@app.route("/packages/<author>/<name>/requests/<id>/approve/", methods=["POST"])
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def approve_editrequest_page(package, id):
|
def approve_editrequest_page(package, id):
|
||||||
if not package.checkPerm(current_user, Permission.APPROVE_CHANGES):
|
if not package.checkPerm(current_user, Permission.APPROVE_CHANGES):
|
||||||
|
@ -339,7 +339,7 @@ def approve_editrequest_page(package, id):
|
||||||
|
|
||||||
return redirect(package.getDetailsURL())
|
return redirect(package.getDetailsURL())
|
||||||
|
|
||||||
@app.route("/packages/<author>/<name>/requests/<id>/reject/")
|
@app.route("/packages/<author>/<name>/requests/<id>/reject/", methods=["POST"])
|
||||||
@is_package_page
|
@is_package_page
|
||||||
def reject_editrequest_page(package, id):
|
def reject_editrequest_page(package, id):
|
||||||
if not package.checkPerm(current_user, Permission.APPROVE_CHANGES):
|
if not package.checkPerm(current_user, Permission.APPROVE_CHANGES):
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from flask import *
|
from flask import *
|
||||||
from flask_user import *
|
from flask_user import *
|
||||||
from flask.ext import menu
|
from flask.ext import menu
|
||||||
from app import app
|
from app import app, csrf
|
||||||
from app.models import *
|
from app.models import *
|
||||||
from app.tasks import celery
|
from app.tasks import celery
|
||||||
from app.tasks.importtasks import getMeta
|
from app.tasks.importtasks import getMeta
|
||||||
|
@ -10,6 +10,7 @@ from .utils import shouldReturnJson
|
||||||
|
|
||||||
from .utils import *
|
from .utils import *
|
||||||
|
|
||||||
|
@csrf.exempt
|
||||||
@app.route("/tasks/getmeta/new/", methods=["POST"])
|
@app.route("/tasks/getmeta/new/", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def new_getmeta_page():
|
def new_getmeta_page():
|
||||||
|
|
Loading…
Reference in New Issue