Plume/templates/instance/users.html.tera
Bat d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00

30 lines
1,004 B
Text

{% extends "base" %}
{% import "macros" as macros %}
{% block title %}
{{ "Users" | _ }}
{% endblock title %}
{% block content %}
<h1>{{ "Users" | _ }}</h1>
{{ macros::tabs(links=['/admin', '/admin/instances', '/admin/users'], titles=['Configuration', 'Instances', 'Users'], selected=3) }}
<div class="list">
{% for user in users %}
<div class="flex">
{{ macros::avatar(user=user) }}
<p class="grow">
<a href="/@/{{ user.fqn }}">{{ user.name }}</a>
<small>@{{ user.username }}</small>
</p>
{% if not user.is_admin %}
<form class="inline" method="post" href="/admin/users/{{ user.id }}/ban">
<input type="submit" value="{{ 'Ban' | _ }}">
</form>
{% endif %}
</div>
{% endfor %}
</div>
{{ macros::paginate(page=page, total=n_pages) }}
{% endblock content %}