mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2024-12-30 14:00:31 +00:00
d8ca1d70b7
GET routes are not protected against CSRF. This commit changes the needed URLs to POST and replace simple links with forms. Thanks @fdb-hiroshima for noticing it!
30 lines
1,004 B
Text
30 lines
1,004 B
Text
{% extends "base" %}
|
|
{% import "macros" as macros %}
|
|
|
|
{% block title %}
|
|
{{ "Users" | _ }}
|
|
{% endblock title %}
|
|
|
|
{% block content %}
|
|
<h1>{{ "Users" | _ }}</h1>
|
|
|
|
{{ macros::tabs(links=['/admin', '/admin/instances', '/admin/users'], titles=['Configuration', 'Instances', 'Users'], selected=3) }}
|
|
|
|
<div class="list">
|
|
{% for user in users %}
|
|
<div class="flex">
|
|
{{ macros::avatar(user=user) }}
|
|
<p class="grow">
|
|
<a href="/@/{{ user.fqn }}">{{ user.name }}</a>
|
|
<small>@{{ user.username }}</small>
|
|
</p>
|
|
{% if not user.is_admin %}
|
|
<form class="inline" method="post" href="/admin/users/{{ user.id }}/ban">
|
|
<input type="submit" value="{{ 'Ban' | _ }}">
|
|
</form>
|
|
{% endif %}
|
|
</div>
|
|
{% endfor %}
|
|
</div>
|
|
{{ macros::paginate(page=page, total=n_pages) }}
|
|
{% endblock content %}
|