fix: start/stop being root should submit POST instead of GET

obviously it's access-restricted anyway but this just seems more correct but more importantly this makes the referrer explicit, since for some unknown reason i am suddenly seeing that be blank for certain installs where that wasn't the case before (?) - and the result was that every time you start/stop being root you would be redirected to home page instead of remaining on current page
2024-06-28 17:34:54 -05:00 · 2024-06-28 17:34:54 -05:00 · ec5ed490d9
parent d17bd35909
commit ec5ed490d9
2 changed files with 31 additions and 2 deletions
--- a/tailbone/templates/themes/butterball/base.mako
+++ b/tailbone/templates/themes/butterball/base.mako
@ -924,9 +924,23 @@
        % endif
        <div class="navbar-dropdown">
          % if request.is_root:
-              ${h.link_to("Stop being root", url('stop_root'), class_='navbar-item has-background-danger has-text-white')}
+              ${h.form(url('stop_root'), ref='stopBeingRootForm')}
+              ${h.csrf_token(request)}
+              <input type="hidden" name="referrer" value="${request.current_route_url()}" />
+              <a @click="stopBeingRoot()"
+                 class="navbar-item has-background-danger has-text-white">
+                Stop being root
+              </a>
+              ${h.end_form()}
          % elif request.is_admin:
-              ${h.link_to("Become root", url('become_root'), class_='navbar-item has-background-danger has-text-white')}
+              ${h.form(url('become_root'), ref='startBeingRootForm')}
+              ${h.csrf_token(request)}
+              <input type="hidden" name="referrer" value="${request.current_route_url()}" />
+              <a @click="startBeingRoot()"
+                 class="navbar-item has-background-danger has-text-white">
+                Become root
+              </a>
+              ${h.end_form()}
          % endif
          % if messaging_enabled:
              ${h.link_to("Messages{}".format(" ({})".format(inbox_count) if inbox_count else ''), url('messages.inbox'), class_='navbar-item')}
@ -1109,6 +1123,18 @@
                const key = 'menu_' + hash + '_shown'
                this[key] = !this[key]
            },
+
+            % if request.is_admin:
+
+                startBeingRoot() {
+                    this.$refs.startBeingRootForm.submit()
+                },
+
+                stopBeingRoot() {
+                    this.$refs.stopBeingRootForm.submit()
+                },
+
+            % endif
        },
    }

--- a/tailbone/views/auth.py
+++ b/tailbone/views/auth.py
@ -238,6 +238,9 @@ class AuthenticationView(View):
        config.add_view(cls, attr='change_password', route_name='change_password', renderer='/change_password.mako')

        # become/stop root
+        # TODO: these should require POST but i won't bother until
+        # after butterball becomes default theme..or probably should
+        # just refactor the falafel theme accordingly..?
        config.add_route('become_root', '/root/yes')
        config.add_view(cls, attr='become_root', route_name='become_root')
        config.add_route('stop_root', '/root/no')