From b0601a0958d48d098e9ee07823d6b797cde44fe0 Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Fri, 1 Sep 2023 16:59:56 -0700
Subject: [PATCH] Makes deleting announcements only work via POST

---
 bookwyrm/views/admin/announcements.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bookwyrm/views/admin/announcements.py b/bookwyrm/views/admin/announcements.py
index 0b5ce9fa4..c5a7c80ff 100644
--- a/bookwyrm/views/admin/announcements.py
+++ b/bookwyrm/views/admin/announcements.py
@@ -5,6 +5,7 @@ from django.shortcuts import get_object_or_404, redirect
 from django.template.response import TemplateResponse
 from django.utils.decorators import method_decorator
 from django.views import View
+from django.views.decorators.http import require_POST
 from bookwyrm import forms, models
 from bookwyrm.settings import PAGE_LENGTH
@@ -108,6 +109,7 @@ class EditAnnouncement(View):
 @login_required
 @permission_required("bookwyrm.edit_instance_settings", raise_exception=True)
+@require_POST
 def delete_announcement(_, announcement_id):
 """delete announcement"""
 announcement = get_object_or_404(models.Announcement, id=announcement_id)
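Review bot: Nothing in this commit updates the caller of `delete_announcement`: the diffstat lists only the view file, so an admin template that still reaches the delete URL through a plain link would now get a 405 instead of deleting. It is worth confirming that the template submits a `<form method="post">` containing `{% csrf_token %}`. Restricting the view to POST is what puts it behind Django's CSRF check (assuming `CsrfViewMiddleware` is enabled), since safe methods such as GET are not checked, and the docstring could record that: `"""delete announcement (POST only, so the CSRF check applies)"""`. A view test asserting that a GET returns 405 and leaves the announcement in place would keep the decorator from being dropped later. The function body continues past the end of the hunk.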