diff --git a/larigira/dbadmin/__init__.py b/larigira/dbadmin/__init__.py
index 6ab263b..e5c1c1c 100644
--- a/larigira/dbadmin/__init__.py
+++ b/larigira/dbadmin/__init__.py
@@ -126,15 +126,27 @@ def edit_time(alarmid):
 "add_time_kind.html", form=form, kind=kind, mode="edit", alarmid=alarmid
 )
+def is_xhr():
+ return request.headers.get('x-requested-with') is not None
 @db.route("/add/time/", methods=["GET", "POST"])
 def addtime_kind(kind):
 Form, receiver = tuple(forms.get_timeform(kind))
- form = Form()
- if request.method == "POST" and form.validate():
- data = receiver(form)
- eid = get_model().add_alarm(data)
- return redirect(url_for("db.edit_event", alarmid=eid))
+ form = Form(csrf_enabled=(not is_xhr()))
+ if request.method == "POST":
+ if form.validate():
+ data = receiver(form)
+ eid = get_model().add_alarm(data)
+ if not is_xhr():
+ return redirect(url_for("db.edit_event", alarmid=eid))
+ else:
+ resp = jsonify(alarmid=eid)
+ resp.status_code = 201
+ return resp
+ elif is_xhr():
+ resp = jsonify(errors=form.errors)
+ resp.status_code = 400
+ return resp
 return render_template("add_time_kind.html", form=form, kind=kind, mode="add")
@@ -153,12 +165,17 @@ def addaudio():
 @db.route("/add/audio/", methods=["GET", "POST"])
 def addaudio_kind(kind):
 Form, receiver = tuple(forms.get_audioform(kind))
- form = Form()
- if request.method == "POST" and form.validate():
- data = receiver(form)
- model = current_app.larigira.controller.monitor.model
- eid = model.add_action(data)
- return jsonify(dict(inserted=eid, data=data))
+ form = Form(csrf_enabled=(not is_xhr()))
+ if request.method == "POST":
+ if form.validate():
+ data = receiver(form)
+ model = current_app.larigira.controller.monitor.model
+ eid = model.add_action(data)
+ return jsonify(dict(inserted=eid, data=data))
+ else:
+ resp = jsonify(errors=form.errors)
+ resp.status_code = 400
+ return resp
 return render_template(
 "add_audio_kind.html", form=form, kind=kind, suggestions=get_suggestions()
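Review bot: `is_xhr()` treats the mere presence of an `X-Requested-With` header (any value) as proof of an AJAX call, and `addtime_kind` then builds the form with `csrf_enabled=(not is_xhr())`, so CSRF validation on a state-changing POST is switched off by something the client controls; the same line appears in `addaudio_kind` in the second hunk, whose tail is cut off in this view. The only protection left is the browser rule that cross-origin pages cannot attach custom headers without a CORS preflight, which no longer holds if a permissive CORS policy is ever added in front of these routes. I would keep the token check on for every request with `form = Form()`, have the XHR caller send the token along with the form data, and use `is_xhr()` only to choose between the JSON and HTML responses. If the exemption has to stay, a comment above `is_xhr()` such as `# presence of X-Requested-With disables CSRF validation; relies on same-origin/CORS enforcement` would at least make the trust assumption visible. Separately, if the form base class is Flask-WTF, `csrf_enabled` is deprecated in newer releases in favour of `meta={'csrf': ...}`.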