From b7ba166fec4a29062d1db0588b865f151ab1d499 Mon Sep 17 00:00:00 2001
From: Martin Mares <mj@ucw.cz>
Date: Thu, 25 Mar 2021 13:00:04 +0100
Subject: [PATCH] =?UTF-8?q?Opravena=20editace=20=C3=BA=C4=8Dastn=C3=ADk?=
 =?UTF-8?q?=C5=AF=20a=20org=C5=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

form.validate_on_submit() se skutečnosti vůbec nekontroluje, že byl
submitnut tento konkrétní formulář. Proto je u endpointů, které obsluhují
více formulářů, nutné kontrolovat i submitovací tlačítko každého
formuláře. A pokud je to <button>, musí mít value, protože jinak se
pošle prázdný řetězec, který se vyhodnotí jako False.
---
 mo/web/org_users.py            | 4 ++--
 mo/web/templates/org_org.html  | 2 +-
 mo/web/templates/org_user.html | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/mo/web/org_users.py b/mo/web/org_users.py
index 97cd77b7..d3eb9d08 100644
--- a/mo/web/org_users.py
+++ b/mo/web/org_users.py
@@ -240,7 +240,7 @@ def org_org(id: int):
     resend_invite_form: Optional[ResendInviteForm] = None
     if rr.can_edit_user(user):
         resend_invite_form = ResendInviteForm()
-        if resend_invite_form.validate_on_submit():
+        if resend_invite_form.resend_invite.data and resend_invite_form.validate_on_submit():
             resend_invite_form.do(user)
             return redirect(url_for('org_org', id=id))
 
@@ -326,7 +326,7 @@ def org_user(id: int):
     resend_invite_form: Optional[ResendInviteForm] = None
     if rr.can_edit_user(user):
         resend_invite_form = ResendInviteForm()
-        if resend_invite_form.validate_on_submit():
+        if resend_invite_form.resend_invite.data and resend_invite_form.validate_on_submit():
             resend_invite_form.do(user)
             return redirect(url_for('org_user', id=id))
 
diff --git a/mo/web/templates/org_org.html b/mo/web/templates/org_org.html
index d32c01e4..f9b25110 100644
--- a/mo/web/templates/org_org.html
+++ b/mo/web/templates/org_org.html
@@ -22,7 +22,7 @@
 {% if resend_invite_form %}
 <form method=POST class='btn-group' onsubmit='return confirm("Poslat organizátorovi e-mail s odkazem na vytvoření hesla?");'>
 	{{ resend_invite_form.csrf_token }}
-	<button class="btn btn-default" type='submit' name='resend_invite'>
+	<button class="btn btn-default" type='submit' name='resend_invite' value='yes'>
 		{% if user.last_login_at %}Resetovat heslo{% else %}Znovu poslat zvací e-mail{% endif %}
 	</button>
 </form>
diff --git a/mo/web/templates/org_user.html b/mo/web/templates/org_user.html
index 98b09ce2..51d9027b 100644
--- a/mo/web/templates/org_user.html
+++ b/mo/web/templates/org_user.html
@@ -22,7 +22,7 @@
 {% if resend_invite_form %}
 <form method=POST class='btn-group' onsubmit='return confirm("Poslat účastníkovi e-mail s odkazem na vytvoření hesla?");'>
 	{{ resend_invite_form.csrf_token }}
-	<button class="btn btn-default" type='submit' name='resend_invite'>
+	<button class="btn btn-default" type='submit' name='resend_invite' value='yes'>
 		{% if user.last_login_at %}Resetovat heslo{% else %}Znovu poslat zvací e-mail{% endif %}
 	</button>
 </form>
-- 
GitLab