Revize 5dc6d077
Přidáno uživatelem Matěj Zeman před asi 2 roky(ů)
server/sql_app/api/pcs_web.py | ||
---|---|---|
44 | 44 |
|
45 | 45 |
|
46 | 46 |
@pcs_web.get("/pc-team/{pc_id}", response_class=HTMLResponse) |
47 |
async def connect_pc_team(request: Request, pc_id: int, db: Session = Depends(get_db)): |
|
47 |
async def connect_pc_team(request: Request, pc_id: int, db: Session = Depends(get_db), |
|
48 |
Authorize: AuthJWT = Depends()): |
|
48 | 49 |
""" |
49 | 50 |
Returns template with Form for connecting pc with team |
50 | 51 |
""" |
52 |
Authorize.jwt_optional() |
|
53 |
current_user = Authorize.get_jwt_subject() |
|
54 |
if current_user != "admin": |
|
55 |
return RedirectResponse(url=f"/logs-web", status_code=303) |
|
51 | 56 |
pc = crud.get_pc(db, pc_id) |
52 | 57 |
teams = crud.get_teams(db, 0, 100) |
53 | 58 |
return templates.TemplateResponse("pcteam.html", |
... | ... | |
55 | 60 |
|
56 | 61 |
|
57 | 62 |
@pcs_web.post("/pcs-web/{pc_id}") |
58 |
async def connect_post(pc_id: int, team: str = Form(...), db: Session = Depends(get_db)): |
|
63 |
async def connect_post(pc_id: int, team: str = Form(...), db: Session = Depends(get_db), |
|
64 |
Authorize: AuthJWT = Depends()): |
|
59 | 65 |
""" |
60 | 66 |
Endpoint called from within form for connecting pc with team. Updates certain pc with new team. |
61 | 67 |
""" |
68 |
Authorize.jwt_optional() |
|
69 |
current_user = Authorize.get_jwt_subject() |
|
70 |
if current_user != "admin": |
|
71 |
return RedirectResponse(url=f"/logs-web", status_code=303) |
|
62 | 72 |
old_pc = crud.update_pc(db, pc_id, team) |
63 | 73 |
return RedirectResponse(url=f"/pcs-web", status_code=303) |
Také k dispozici: Unified diff
security fix for all endpoints. Added view for Licenses and html template on "/" with information about server endpoints.