From 655ffbc0bb78ea53259a5e792160c7818614ad8e Mon Sep 17 00:00:00 2001 From: Alejandro Sirgo Rica Date: Tue, 17 Dec 2024 14:00:36 +0100 Subject: views: add missing @login_required restrictions Add checks for logged user in folder/add and folder/update endpoints. --- ogcp/views.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ogcp/views.py b/ogcp/views.py index a624dab..694435f 100644 --- a/ogcp/views.py +++ b/ogcp/views.py @@ -1651,6 +1651,7 @@ def action_folder_delete(): @app.route('/action/folder/update', methods=['GET','POST']) @handle_server_errors('scopes') +@login_required def action_folder_update(): form = FolderForm(request.form) if request.method == 'POST': @@ -1705,6 +1706,7 @@ def action_folder_add(): @app.route('/action/folder/add', methods=['POST']) @handle_server_errors('scopes') +@login_required def action_folder_add_post(): form = FolderForm(request.form) payload = {"name": form.name.data} -- cgit v1.2.3-18-g5258