authorRené 'Necoro' Neumann <necoro@necoro.net>2013-10-16 01:31:03 +0200
committerRené 'Necoro' Neumann <necoro@necoro.net>2013-10-16 01:31:03 +0200
commit3d2ba33917b5b72a5eaf57a3843ee9c8033d15c9 (patch)
tree19834310851470302a47dbe3a7b69f170fb97797 /app/views/expenses.py
parentd64e80b53fa82af41c6e49b9de08632348c3527a (diff)
Check user's authorisation when loading entries by ID.
Diffstat (limited to 'app/views/expenses.py')
-rw-r--r--app/views/expenses.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/app/views/expenses.py b/app/views/expenses.py
index f5181e9..f36cbb4 100644
--- a/app/views/expenses.py
+++ b/app/views/expenses.py
@@ -1,13 +1,15 @@
from . import Blueprint, db, \
current_user, login_required, \
- templated, redirect, request
+ assert_authorisation, templated, redirect, request
from ..model import Category, SingleExpense, CatExpense, MonthExpense
from ..forms import ExpenseForm
import datetime, decimal
from sqlalchemy import sql, func
+from functools import partial
+assert_authorisation = partial(assert_authorisation, SingleExpense.get)
mod = Blueprint('expenses', __name__)
def expense_form(obj=None):
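Review bot: The added line `assert_authorisation = partial(assert_authorisation, SingleExpense.get)` rebinds the imported helper under its own name, so for the rest of this module the generic version is no longer reachable and the decorator always resolves entries through `SingleExpense.get`. The same import block brings in `CatExpense` and `MonthExpense`; a later view that loads one of those by id and reuses the decorator would likely be checked against the wrong model without any visible error. A distinct name such as `assert_expense_authorisation = partial(assert_authorisation, SingleExpense.get)`, used as `@assert_expense_authorisation('id')` on the view, keeps the binding explicit. At minimum, add a comment like `# bound to SingleExpense: only valid for views that take a SingleExpense id`.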
@@ -82,6 +84,7 @@ def show():
@mod.route('/edit/<int:id>', methods=('GET', 'POST'))
@login_required
+@assert_authorisation('id')
@templated()
def edit(id):
exp = SingleExpense.get(id)
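Review bot: The ownership check on `edit` now depends on decorator order and on a second lookup, and neither is documented at the `@assert_authorisation('id')` line. It sits below `@login_required`, which is presumably what guarantees an authenticated `current_user` when the check runs; a comment such as `# keep below login_required: the check needs an authenticated current_user` would stop a later reorder from weakening it. The helper's body is not part of this diff, so confirm that an id with no matching row is handled there and answered the same way as an entry owned by someone else, so the response does not reveal which ids exist. `edit` still calls `SingleExpense.get(id)` itself, and its body continues outside the hunk.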