Unauthorized user does not redirect to login from event reference #159

Daniel Grams 2021-04-21 20:19:14 +02:00
parent 5f56260401
commit 7ae99d5702
6 changed files with 14 additions and 1 deletions


@ -3,6 +3,7 @@ from datetime import datetime
from flask import flash, jsonify, redirect, render_template, request, url_for
from flask_babelex import gettext
from flask_security import auth_required
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.sql import func
@ -78,6 +79,7 @@ def event_actions(event_id):
@app.route("/admin_unit/<int:id>/events/create", methods=("GET", "POST"))
@auth_required()
def event_create_for_admin_unit_id(id):
admin_unit = AdminUnit.query.get_or_404(id)
access_or_401(admin_unit, "event:create")
@ -161,6 +163,7 @@ def event_create_for_admin_unit_id(id):
@app.route("/event/<int:event_id>/update", methods=("GET", "POST"))
@auth_required()
def event_update(event_id):
event = Event.query.get_or_404(event_id)
access_or_401(event.admin_unit, "event:update")
@ -193,6 +196,7 @@ def event_update(event_id):
@app.route("/event/<int:event_id>/delete", methods=("GET", "POST"))
@auth_required()
def event_delete(event_id):
event = Event.query.get_or_404(event_id)
access_or_401(event.admin_unit, "event:delete")
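Review bot: The bare `@auth_required()` on event_create_for_admin_unit_id, event_update and event_delete accepts whichever authentication mechanisms the Flask-Security configuration enables by default, not only the browser session. These are HTML form views whose purpose, per the commit title, is to send an anonymous user to the login page, so I would pin them with `@auth_required("session")`; if token authentication is enabled, that keeps token credentials from being accepted on state-changing pages. The same applies to every other view this commit decorates (suggestion review, token revoke, and the reference and reference-request views). Which mechanisms are enabled depends on configuration not shown here, so please confirm before changing; the function bodies continue outside the hunks.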


@ -1,5 +1,6 @@
from flask import flash, redirect, render_template, url_for
from flask_babelex import gettext
from flask_security import auth_required
from sqlalchemy.exc import SQLAlchemyError
from project import app, db
@ -10,6 +11,7 @@ from project.views.utils import flash_errors, handleSqlError, send_mail
@app.route("/event_suggestion/<int:event_suggestion_id>/review")
@auth_required()
def event_suggestion_review(event_suggestion_id):
event_suggestion = EventSuggestion.query.get_or_404(event_suggestion_id)
access_or_401(event_suggestion.admin_unit, "event:verify")


@ -1,6 +1,6 @@
from flask import flash, redirect, render_template, url_for
from flask_babelex import gettext
from flask_security import current_user
from flask_security import auth_required, current_user
from sqlalchemy.exc import SQLAlchemyError
from project import app, db
@ -11,6 +11,7 @@ from project.views.utils import flash_errors, get_pagination_urls, handleSqlErro
@app.route("/oauth2_token/<int:id>/revoke", methods=("GET", "POST"))
@auth_required()
def oauth2_token_revoke(id):
oauth2_token = OAuth2Token.query.get_or_404(id)
owner_access_or_401(oauth2_token.user_id)
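Review bot: In oauth2_token_revoke the lookup still runs before the ownership check, so a signed-in user who does not own the token gets a 404 for an unused id and presumably a 401 from `owner_access_or_401` for a real one, which reveals which token ids exist. Scoping the query to the caller avoids that: `oauth2_token = OAuth2Token.query.filter_by(id=id, user_id=current_user.id).first_or_404()`. `owner_access_or_401` is defined elsewhere and may check more than the user id, so keep the call if it does. The route also answers GET as well as POST and the body is outside the hunk, so it is worth confirming that the revocation itself only runs on a validated POST.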


@ -31,6 +31,7 @@ from project.views.utils import (
@app.route("/reference/<int:id>")
@auth_required()
def event_reference(id):
reference = EventReference.query.get_or_404(id)
access_or_401(reference.admin_unit, "reference:read")
@ -85,6 +86,7 @@ def event_reference_create(event_id):
@app.route("/reference/<int:id>/update", methods=("GET", "POST"))
@auth_required()
def event_reference_update(id):
reference = EventReference.query.get_or_404(id)
access_or_401(reference.admin_unit, "reference:update")
@ -148,6 +150,7 @@ def manage_admin_unit_references_outgoing(id):
@app.route("/reference/<int:id>/delete", methods=("GET", "POST"))
@auth_required()
def reference_delete(id):
reference = EventReference.query.get_or_404(id)
access_or_401(reference.admin_unit, "reference:delete")
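Review bot: None of the six changed files shown here looks like a test module, so the behaviour from #159 is not pinned by a regression test. I would add a test that requests `/reference/<id>`, `/reference/<id>/update` and `/reference/<id>/delete` without a session and asserts a redirect to the login view rather than a 401, plus one asserting that a signed-in user without the matching `reference:*` permission is still rejected by `access_or_401`. The commit repeats the same decorator-plus-check pairing on ten views, and without a test a later refactor that drops one decorator would go unnoticed. The function bodies continue outside the hunks.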


@ -66,6 +66,7 @@ def manage_admin_unit_reference_requests_outgoing(id):
@app.route("/event/<int:event_id>/reference_request/create", methods=("GET", "POST"))
@auth_required()
def event_reference_request_create(event_id):
event = Event.query.get_or_404(event_id)
access_or_401(event.admin_unit, "reference_request:create")


@ -1,5 +1,6 @@
from flask import abort, flash, redirect, render_template, url_for
from flask_babelex import gettext
from flask_security import auth_required
from sqlalchemy.exc import SQLAlchemyError
from project import app, db
@ -18,6 +19,7 @@ from project.views.utils import flash_errors, handleSqlError, send_mail
@app.route("/reference_request/<int:id>/review", methods=("GET", "POST"))
@auth_required()
def event_reference_request_review(id):
request = EventReferenceRequest.query.get_or_404(id)
access_or_401(request.admin_unit, "reference_request:verify")
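Review bot: The local in event_reference_request_review is named `request`, the same name Flask uses for its request proxy. This file does not import `flask.request` today (the import line in the first hunk lists `abort, flash, redirect, render_template, url_for`), so nothing breaks, but a later import would be silently shadowed inside this view, including in the authorization call. I would rename it: `reference_request = EventReferenceRequest.query.get_or_404(id)` and `access_or_401(reference_request.admin_unit, "reference_request:verify")`. The body continues outside the hunk, so later uses need the same rename.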