You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2015/07/30 16:59:46 UTC

allura git commit: [#7942] require post for removing a custom group

Repository: allura
Updated Branches:
  refs/heads/db/7942 [created] 7075554e7


[#7942] require post for removing a custom group


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/7075554e
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/7075554e
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/7075554e

Branch: refs/heads/db/7942
Commit: 7075554e79c67fd988dbfbef7be6d51eb485cecf
Parents: 8f5dd48
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Thu Jul 30 14:54:48 2015 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Thu Jul 30 14:54:48 2015 +0000

----------------------------------------------------------------------
 Allura/allura/ext/admin/admin_main.py        | 1 +
 Allura/allura/public/nf/js/project_groups.js | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/7075554e/Allura/allura/ext/admin/admin_main.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/admin_main.py b/Allura/allura/ext/admin/admin_main.py
index 5bde57c..ec61edb 100644
--- a/Allura/allura/ext/admin/admin_main.py
+++ b/Allura/allura/ext/admin/admin_main.py
@@ -1036,6 +1036,7 @@ class GroupsController(BaseController):
 
     @without_trailing_slash
     @expose()
+    @require_post()
     @h.vardec
     def delete_group(self, group_name, **kw):
         role = M.ProjectRole.by_name(group_name)

http://git-wip-us.apache.org/repos/asf/allura/blob/7075554e/Allura/allura/public/nf/js/project_groups.js
----------------------------------------------------------------------
diff --git a/Allura/allura/public/nf/js/project_groups.js b/Allura/allura/public/nf/js/project_groups.js
index a4c9ab9..99ecd12 100644
--- a/Allura/allura/public/nf/js/project_groups.js
+++ b/Allura/allura/public/nf/js/project_groups.js
@@ -43,8 +43,10 @@ $(function() {
   $('a.delete_group').click(function(evt){
     evt.preventDefault();
     var link = this;
-    if(confirm("Are you sure you want to remove the group? All users and groups in the group will lose its permissions.")){
-      $.get(link.href, function (data) {
+    var csrf = $.cookie('_session_id');
+    var data = {_session_id: csrf};
+    if(confirm("Are you sure you want to remove the group? All users and groups in the group will lose their permissions.")){
+      $.post(link.href, data, function(resp) {
         $(link).closest('tr').hide('fast');
       });
     }