fix settings page csrf
This commit is contained in:
Binary file not shown.
@@ -13,6 +13,7 @@ from forms import CompanySettingsForm
|
||||
from utils import log_event, create_notification, get_unread_count
|
||||
from io import StringIO
|
||||
import csv
|
||||
from flask_wtf.csrf import generate_csrf
|
||||
|
||||
# Set up logging to show in console
|
||||
logging.basicConfig(
|
||||
@@ -689,7 +690,8 @@ def init_routes(main_bp):
|
||||
current_page=current_page,
|
||||
users=users,
|
||||
email_templates=email_templates,
|
||||
form=company_form)
|
||||
form=company_form,
|
||||
csrf_token=generate_csrf())
|
||||
|
||||
@main_bp.route('/settings/colors', methods=['POST'])
|
||||
@login_required
|
||||
@@ -966,7 +968,7 @@ def init_routes(main_bp):
|
||||
date_range=date_range,
|
||||
user_id=user_id,
|
||||
users=users,
|
||||
csrf_token=session.get('csrf_token'))
|
||||
csrf_token=generate_csrf())
|
||||
|
||||
# For full page requests, render the full settings page
|
||||
site_settings = SiteSettings.get_settings()
|
||||
@@ -979,7 +981,65 @@ def init_routes(main_bp):
|
||||
total_pages=total_pages,
|
||||
current_page=page,
|
||||
users=users,
|
||||
csrf_token=session.get('csrf_token'))
|
||||
csrf_token=generate_csrf())
|
||||
|
||||
@main_bp.route('/api/events')
|
||||
@login_required
|
||||
def get_events():
|
||||
if not current_user.is_admin:
|
||||
return jsonify({'error': 'Unauthorized'}), 403
|
||||
|
||||
# Get filter parameters
|
||||
event_type = request.args.get('event_type')
|
||||
date_range = request.args.get('date_range', '7d')
|
||||
user_id = request.args.get('user_id')
|
||||
page = request.args.get('page', 1, type=int)
|
||||
per_page = 10
|
||||
|
||||
# Calculate date range
|
||||
end_date = datetime.utcnow()
|
||||
if date_range == '24h':
|
||||
start_date = end_date - timedelta(days=1)
|
||||
elif date_range == '7d':
|
||||
start_date = end_date - timedelta(days=7)
|
||||
elif date_range == '30d':
|
||||
start_date = end_date - timedelta(days=30)
|
||||
else:
|
||||
start_date = None
|
||||
|
||||
# Build query
|
||||
query = Event.query
|
||||
|
||||
if event_type:
|
||||
query = query.filter_by(event_type=event_type)
|
||||
if start_date:
|
||||
query = query.filter(Event.timestamp >= start_date)
|
||||
if user_id:
|
||||
query = query.filter_by(user_id=user_id)
|
||||
|
||||
# Get total count for pagination
|
||||
total_events = query.count()
|
||||
total_pages = (total_events + per_page - 1) // per_page
|
||||
|
||||
# Get paginated events
|
||||
events = query.order_by(Event.timestamp.desc()).paginate(page=page, per_page=per_page)
|
||||
|
||||
return jsonify({
|
||||
'events': [{
|
||||
'id': event.id,
|
||||
'event_type': event.event_type,
|
||||
'timestamp': event.timestamp.isoformat(),
|
||||
'user': {
|
||||
'id': event.user.id,
|
||||
'username': event.user.username,
|
||||
'last_name': event.user.last_name
|
||||
} if event.user else None,
|
||||
'ip_address': event.ip_address,
|
||||
'details': event.details
|
||||
} for event in events.items],
|
||||
'current_page': page,
|
||||
'total_pages': total_pages
|
||||
})
|
||||
|
||||
@main_bp.route('/api/events/<int:event_id>')
|
||||
@login_required
|
||||
@@ -1194,7 +1254,7 @@ def init_routes(main_bp):
|
||||
template_id=template_id,
|
||||
users=users,
|
||||
email_templates=email_templates,
|
||||
csrf_token=session.get('csrf_token'))
|
||||
csrf_token=generate_csrf())
|
||||
|
||||
# For full page requests, render the full settings page
|
||||
site_settings = SiteSettings.get_settings()
|
||||
@@ -1215,7 +1275,7 @@ def init_routes(main_bp):
|
||||
users=users,
|
||||
email_templates=email_templates,
|
||||
form=company_form,
|
||||
csrf_token=session.get('csrf_token'))
|
||||
csrf_token=generate_csrf())
|
||||
|
||||
@main_bp.route('/settings/mails/<int:mail_id>')
|
||||
@login_required
|
||||
|
||||
Reference in New Issue
Block a user