diff --git a/app/apps/accounts/views/account_groups.py b/app/apps/accounts/views/account_groups.py index c7089b3..2c0f70c 100644 --- a/app/apps/accounts/views/account_groups.py +++ b/app/apps/accounts/views/account_groups.py @@ -2,9 +2,7 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 -from django.urls import reverse from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.accounts.forms import AccountGroupForm @@ -89,7 +87,6 @@ def account_group_edit(request, pk): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def account_group_delete(request, pk): account_group = get_object_or_404(AccountGroup, id=pk) diff --git a/app/apps/accounts/views/accounts.py b/app/apps/accounts/views/accounts.py index 922bc78..a6bffa2 100644 --- a/app/apps/accounts/views/accounts.py +++ b/app/apps/accounts/views/accounts.py @@ -2,9 +2,7 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 -from django.urls import reverse from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.accounts.forms import AccountForm @@ -89,7 +87,6 @@ def account_edit(request, pk): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def account_delete(request, pk): account = get_object_or_404(Account, id=pk) diff --git a/app/apps/currencies/views/currencies.py b/app/apps/currencies/views/currencies.py index 81d9ae7..1fa431a 100644 --- a/app/apps/currencies/views/currencies.py +++ b/app/apps/currencies/views/currencies.py @@ -2,9 +2,7 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 -from django.urls import reverse from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -89,7 +87,6 @@ def currency_edit(request, pk): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def currency_delete(request, pk): currency = get_object_or_404(Currency, id=pk) diff --git a/app/apps/currencies/views/exchange_rates.py b/app/apps/currencies/views/exchange_rates.py index 46ef4a2..f7e9ed4 100644 --- a/app/apps/currencies/views/exchange_rates.py +++ b/app/apps/currencies/views/exchange_rates.py @@ -1,12 +1,11 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required from django.core.paginator import Paginator -from django.db.models import F, CharField, Value +from django.db.models import CharField, Value from django.db.models.functions import Concat from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -135,7 +134,6 @@ def exchange_rate_edit(request, pk): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def exchange_rate_delete(request, pk): exchange_rate = get_object_or_404(ExchangeRate, id=pk) diff --git a/app/apps/dca/views.py b/app/apps/dca/views.py index 045167f..547b9ef 100644 --- a/app/apps/dca/views.py +++ b/app/apps/dca/views.py @@ -6,12 +6,11 @@ from django.db.models.functions import TruncMonth from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx -from apps.dca.models import DCAStrategy, DCAEntry from apps.dca.forms import DCAEntryForm, DCAStrategyForm +from apps.dca.models import DCAStrategy, DCAEntry @login_required @@ -82,7 +81,6 @@ def strategy_edit(request, strategy_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def strategy_delete(request, strategy_id): dca_strategy = get_object_or_404(DCAStrategy, id=strategy_id) @@ -209,7 +207,6 @@ def strategy_entry_edit(request, strategy_id, entry_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def strategy_entry_delete(request, entry_id, strategy_id): dca_entry = get_object_or_404(DCAEntry, id=entry_id, strategy__id=strategy_id) diff --git a/app/apps/import_app/views.py b/app/apps/import_app/views.py index 1069eca..434a75b 100644 --- a/app/apps/import_app/views.py +++ b/app/apps/import_app/views.py @@ -5,15 +5,14 @@ from django.contrib.auth.decorators import login_required from django.core.files.storage import FileSystemStorage from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 -from django.views.decorators.csrf import csrf_exempt -from django.views.decorators.http import require_http_methods from django.utils.translation import gettext_lazy as _ +from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx from apps.import_app.forms import ImportRunFileUploadForm, ImportProfileForm from apps.import_app.models import ImportRun, ImportProfile -from apps.import_app.tasks import process_import from apps.import_app.services import PresetService +from apps.import_app.tasks import process_import def import_view(request): @@ -66,9 +65,9 @@ def import_profile_list(request): @login_required @require_http_methods(["GET", "POST"]) def import_profile_add(request): - message = request.GET.get("message", None) or request.POST.get("message", None) + message = request.POST.get("message", None) - if request.method == "POST": + if request.method == "POST" and request.POST.get("submit"): form = ImportProfileForm(request.POST) if form.is_valid(): @@ -84,9 +83,9 @@ def import_profile_add(request): else: form = ImportProfileForm( initial={ - "name": request.GET.get("name"), - "version": int(request.GET.get("version", 1)), - "yaml_config": request.GET.get("yaml_config"), + "name": request.POST.get("name"), + "version": int(request.POST.get("version", 1)), + "yaml_config": request.POST.get("yaml_config"), } ) @@ -128,7 +127,6 @@ def import_profile_edit(request, profile_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def import_profile_delete(request, profile_id): profile = ImportProfile.objects.get(id=profile_id) @@ -213,7 +211,6 @@ def import_run_add(request, profile_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def import_run_delete(request, profile_id, run_id): run = ImportRun.objects.get(profile__id=profile_id, id=run_id) diff --git a/app/apps/rules/views.py b/app/apps/rules/views.py index 0ea1fd9..0d87d8c 100644 --- a/app/apps/rules/views.py +++ b/app/apps/rules/views.py @@ -3,7 +3,6 @@ from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404, redirect from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -118,7 +117,6 @@ def transaction_rule_view(request, transaction_rule_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def transaction_rule_delete(request, transaction_rule_id): transaction_rule = get_object_or_404(TransactionRule, id=transaction_rule_id) @@ -201,7 +199,6 @@ def transaction_rule_action_edit(request, transaction_rule_action_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def transaction_rule_action_delete(request, transaction_rule_action_id): transaction_rule_action = get_object_or_404( diff --git a/app/apps/transactions/views/categories.py b/app/apps/transactions/views/categories.py index 1f6fea5..a2779c8 100644 --- a/app/apps/transactions/views/categories.py +++ b/app/apps/transactions/views/categories.py @@ -2,9 +2,7 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 -from django.urls import reverse from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -111,7 +109,6 @@ def category_edit(request, category_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def category_delete(request, category_id): category = get_object_or_404(TransactionCategory, id=category_id) diff --git a/app/apps/transactions/views/entities.py b/app/apps/transactions/views/entities.py index 8252642..1104941 100644 --- a/app/apps/transactions/views/entities.py +++ b/app/apps/transactions/views/entities.py @@ -3,7 +3,6 @@ from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -110,7 +109,6 @@ def entity_edit(request, entity_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def entity_delete(request, entity_id): entity = get_object_or_404(TransactionEntity, id=entity_id) diff --git a/app/apps/transactions/views/installment_plans.py b/app/apps/transactions/views/installment_plans.py index 6c330ec..c437a05 100644 --- a/app/apps/transactions/views/installment_plans.py +++ b/app/apps/transactions/views/installment_plans.py @@ -4,7 +4,6 @@ from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils import timezone from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -152,7 +151,6 @@ def installment_plan_refresh(request, installment_plan_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def installment_plan_delete(request, installment_plan_id): installment_plan = get_object_or_404(InstallmentPlan, id=installment_plan_id) diff --git a/app/apps/transactions/views/recurring_transactions.py b/app/apps/transactions/views/recurring_transactions.py index 6b7f9e9..7b59fe3 100644 --- a/app/apps/transactions/views/recurring_transactions.py +++ b/app/apps/transactions/views/recurring_transactions.py @@ -1,5 +1,4 @@ from dateutil.relativedelta import relativedelta - from django.contrib import messages from django.contrib.auth.decorators import login_required from django.db.models import Q @@ -7,7 +6,6 @@ from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils import timezone from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -230,7 +228,6 @@ def recurring_transaction_finish(request, recurring_transaction_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def recurring_transaction_delete(request, recurring_transaction_id): recurring_transaction = get_object_or_404( diff --git a/app/apps/transactions/views/tags.py b/app/apps/transactions/views/tags.py index fdc66da..0157641 100644 --- a/app/apps/transactions/views/tags.py +++ b/app/apps/transactions/views/tags.py @@ -3,7 +3,6 @@ from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -110,7 +109,6 @@ def tag_edit(request, tag_id): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def tag_delete(request, tag_id): tag = get_object_or_404(TransactionTag, id=tag_id) diff --git a/app/apps/transactions/views/transactions.py b/app/apps/transactions/views/transactions.py index 1869064..d6c3b83 100644 --- a/app/apps/transactions/views/transactions.py +++ b/app/apps/transactions/views/transactions.py @@ -8,7 +8,6 @@ from django.http import HttpResponse from django.shortcuts import render, get_object_or_404 from django.utils import timezone from django.utils.translation import gettext_lazy as _ -from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from apps.common.decorators.htmx import only_htmx @@ -143,7 +142,6 @@ def transaction_clone(request, transaction_id, **kwargs): @only_htmx @login_required -@csrf_exempt @require_http_methods(["DELETE"]) def transaction_delete(request, transaction_id, **kwargs): transaction = get_object_or_404(Transaction, id=transaction_id) diff --git a/app/templates/import_app/fragments/profiles/list_presets.html b/app/templates/import_app/fragments/profiles/list_presets.html index 0b64342..ba22a00 100644 --- a/app/templates/import_app/fragments/profiles/list_presets.html +++ b/app/templates/import_app/fragments/profiles/list_presets.html @@ -20,7 +20,7 @@ {% for preset in presets %} diff --git a/app/templates/layouts/base.html b/app/templates/layouts/base.html index 6545aa9..90f0384 100644 --- a/app/templates/layouts/base.html +++ b/app/templates/layouts/base.html @@ -28,7 +28,8 @@
+ {% block body_hyperscript %}{% endblock %}" + hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'> {% include 'includes/navbar.html' %}