diff options
author | René 'Necoro' Neumann <necoro@necoro.net> | 2013-10-16 01:31:03 +0200 |
---|---|---|
committer | René 'Necoro' Neumann <necoro@necoro.net> | 2013-10-16 01:31:03 +0200 |
commit | 3d2ba33917b5b72a5eaf57a3843ee9c8033d15c9 (patch) | |
tree | 19834310851470302a47dbe3a7b69f170fb97797 /app/views/expenses.py | |
parent | d64e80b53fa82af41c6e49b9de08632348c3527a (diff) | |
download | kosten-3d2ba33917b5b72a5eaf57a3843ee9c8033d15c9.tar.gz kosten-3d2ba33917b5b72a5eaf57a3843ee9c8033d15c9.tar.bz2 kosten-3d2ba33917b5b72a5eaf57a3843ee9c8033d15c9.zip |
Check user's authorisation when loading entries by ID.
Diffstat (limited to 'app/views/expenses.py')
-rw-r--r-- | app/views/expenses.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/views/expenses.py b/app/views/expenses.py index f5181e9..f36cbb4 100644 --- a/app/views/expenses.py +++ b/app/views/expenses.py @@ -1,13 +1,15 @@ from . import Blueprint, db, \ current_user, login_required, \ - templated, redirect, request + assert_authorisation, templated, redirect, request from ..model import Category, SingleExpense, CatExpense, MonthExpense from ..forms import ExpenseForm import datetime, decimal from sqlalchemy import sql, func +from functools import partial +assert_authorisation = partial(assert_authorisation, SingleExpense.get) mod = Blueprint('expenses', __name__) def expense_form(obj=None): @@ -82,6 +84,7 @@ def show(): @mod.route('/edit/<int:id>', methods=('GET', 'POST')) @login_required +@assert_authorisation('id') @templated() def edit(id): exp = SingleExpense.get(id) |