starred/WYGIWYH
1
0
Fork 0
mirror of https://github.com/eitchtee/WYGIWYH.git synced 2026-04-26 18:48:42 +02:00
Code Issues 14 Packages Projects Releases 10 Wiki Activity

fix(security): toasts and month_year_picker accessible without login

Browse Source
This commit is contained in:
Herculino Trotta
2025-01-27 21:41:55 -03:00
parent 13795c797f
commit 233b9629a2
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/apps/common/views.py
View File

@@ -4,14 +4,22 @@ from django.db.models.functions import ExtractYear, ExtractMonth
from django.shortcuts import render from django.shortcuts import render
from django.urls import reverse from django.urls import reverse
from django.utils import timezone from django.utils import timezone
from django.views.decorators.http import require_http_methods
from apps.common.decorators.htmx import only_htmx
from apps.transactions.models import Transaction from apps.transactions.models import Transaction
@only_htmx
@login_required
@require_http_methods(["GET"])
def toasts(request): def toasts(request):
return render(request, "common/fragments/toasts.html") return render(request, "common/fragments/toasts.html")
@only_htmx
@login_required
@require_http_methods(["GET"])
def month_year_picker(request): def month_year_picker(request):
field = request.GET.get("field", "reference_date") field = request.GET.get("field", "reference_date")
for_ = request.GET.get("for", None) for_ = request.GET.get("for", None)