elif token.owner != user:
abort(403)
- access_token = session.pop("token_" + str(id), None)
+ access_token = session.pop("token_" + str(token.id), None)
form = CreateAPIToken(formdata=request.form, obj=token)
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
token.owner = user
token.access_token = randomString(32)
- # Store token so it can be shown in the edit page
- session["token_" + str(token.id)] = token.access_token
-
form.populate_obj(token)
db.session.add(token)
db.session.commit() # save
+ if is_new:
+ # Store token so it can be shown in the edit page
+ session["token_" + str(token.id)] = token.access_token
+
return redirect(url_for("api.create_edit_token", username=username, id=token.id))
return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
abort(403)
- is_new = id is None
-
token = APIToken.query.get(id)
if token is None:
abort(404)