From 6f1472addb401bf21b0d4feb9dd755d6e8892f09 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Fri, 24 Jan 2020 19:26:00 +0000
Subject: Add ability to limit APITokens to a package

---
 app/blueprints/api/tokens.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'app/blueprints/api/tokens.py')

diff --git a/app/blueprints/api/tokens.py b/app/blueprints/api/tokens.py
index fcc22bb..b8da78d 100644
--- a/app/blueprints/api/tokens.py
+++ b/app/blueprints/api/tokens.py
@@ -29,6 +29,8 @@ from wtforms.ext.sqlalchemy.fields import QuerySelectField
 
 class CreateAPIToken(FlaskForm):
 	name	     = StringField("Name", [InputRequired(), Length(1, 30)])
+	package      = QuerySelectField("Limit to package", allow_blank=True, \
+			get_pk=lambda a: a.id, get_label=lambda a: a.title)
 	submit	     = SubmitField("Save")
 
 
@@ -70,6 +72,8 @@ def create_edit_token(username, id=None):
 		access_token = session.pop("token_" + str(id), None)
 
 	form = CreateAPIToken(formdata=request.form, obj=token)
+	form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
+
 	if request.method == "POST" and form.validate():
 		if is_new:
 			token = APIToken()
-- 
cgit v1.2.3