diff options
| author | Piotr Dobrowolski <admin@tastycode.pl> | 2017-04-07 15:43:38 +0200 |
|---|---|---|
| committer | Piotr Dobrowolski <admin@tastycode.pl> | 2017-04-07 15:43:38 +0200 |
| commit | 644019c990d998e2c1300ed3db2c1c8ad9eab171 (patch) | |
| tree | 84946417d6e2be7b41e0528ba363bc6ac4eec6fa | |
| parent | ddeb9f522a177a29b6f0947f28c16dfd3de01eff (diff) | |
| download | bitvend-644019c990d998e2c1300ed3db2c1c8ad9eab171.tar.gz bitvend-644019c990d998e2c1300ed3db2c1c8ad9eab171.tar.bz2 bitvend-644019c990d998e2c1300ed3db2c1c8ad9eab171.tar.xz bitvend-644019c990d998e2c1300ed3db2c1c8ad9eab171.zip | |
Add current user check in transfer
| -rw-r--r-- | bitvend/forms.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/bitvend/forms.py b/bitvend/forms.py index 1f19577..212f3d2 100644 --- a/bitvend/forms.py +++ b/bitvend/forms.py @@ -1,5 +1,6 @@ from flask_wtf import FlaskForm from wtforms import StringField +from flask_login import current_user from bitvend.models import User from wtforms.fields.core import DecimalField from wtforms.validators import DataRequired, NumberRange, ValidationError @@ -31,9 +32,13 @@ def UserExists(form, field): if not User.query.get(field.data): raise ValidationError('User does not exist.') +def NotCurrentUser(form, field): + if field.data == current_user.uid: + raise ValidationError('Are you serious?') + class TransferForm(FlaskForm): target = StringField("Target user", validators=[ - DataRequired(), UserExists]) + DataRequired(), UserExists, NotCurrentUser]) amount = DecimalUnityField("Amount", default=0, validators=[ NumberRange(min=1), ]) |