almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-28 17:32:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use non-deprecated way to disable CSRF for API

Browse source 
See also https://github.com/lepture/flask-wtf/pull/287
This commit is contained in:
Jocelyn Delalande 2017-03-29 14:32:43 +02:00
parent 7380b6f9f7
commit c7f4547d5d
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
budget/api.py
View file

@ -29,7 +29,7 @@ def check_project(*args, **kwargs):
class ProjectHandler(object):
def add(self):
form = ProjectForm(csrf_enabled=False)
form = ProjectForm(meta={'csrf': False})
if form.validate():
project = form.save()
db.session.add(project)
@ -49,7 +49,7 @@ class ProjectHandler(object):
@need_auth(check_project, "project")
def update(self, project):
form = EditProjectForm(csrf_enabled=False)
form = EditProjectForm(meta={'csrf': False})
if form.validate():
form.update(project)
db.session.commit()
@ -69,7 +69,7 @@ class MemberHandler(object):
return 200, project.members
def add(self, project):
form = MemberForm(project, csrf_enabled=False)
form = MemberForm(project, meta={'csrf': False})
if form.validate():
member = Person()
form.save(project, member)
@ -78,7 +78,7 @@ class MemberHandler(object):
return 400, form.errors
def update(self, project, member_id):
form = MemberForm(project, csrf_enabled=False)
form = MemberForm(project, meta={'csrf': False})
if form.validate():
member = Person.query.get(member_id, project)
form.save(project, member)
@ -104,7 +104,7 @@ class BillHandler(object):
return project.get_bills().all()
def add(self, project):
form = get_billform_for(project, True, csrf_enabled=False)
form = get_billform_for(project, True, meta={'csrf': False})
if form.validate():
bill = Bill()
form.save(bill, project)
@ -114,7 +114,7 @@ class BillHandler(object):
return 400, form.errors
def update(self, project, bill_id):
form = get_billform_for(project, True, csrf_enabled=False)
form = get_billform_for(project, True, meta={'csrf': False})
if form.validate():
bill = Bill.query.get(project, bill_id)
form.save(bill, project)