Bug 20568: CSRF protection
[koha_ffzg] / koha-tmpl / opac-tmpl / bootstrap / en / modules / opac-apikeys.tt
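[% INCLUDE 'doc-head-open.inc' %]
[%# OPAC page "Your API keys".
    Shows a form that generates a new client id/secret pair and a table of the
    patron's existing keys with delete and revoke/activate forms.
    Every form posts to /cgi-bin/koha/opac-apikeys.pl with an "op" value and the
    csrf_token supplied by the controller.
    All template variables written into markup or attribute values go through
    the "html" filter so that patron-supplied text (the key description in
    particular) cannot inject markup.
%]
<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle | html %][% ELSE %]Koha online[% END %] catalog &rsaquo; Your API keys</title>
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='opac-user' bodyclass='scrollto' %]
[% INCLUDE 'masthead.inc' %]

<div class="main">
    <ul class="breadcrumb">
        <li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
        <li>
            <a href="/cgi-bin/koha/opac-user.pl">
                [% INCLUDE 'patron-title.inc' category_type=patron.category.category_type firstname=patron.firstname surname=patron.surname othernames=patron.othernames %]
            </a>
            <span class="divider">&rsaquo;</span>
        </li>
        <li><a href="/cgi-bin/koha/opac-apikeys.pl">Your API keys</a></li>
    </ul>

    <div class="container-fluid">
        <div class="row-fluid">
            <div class="span2">
                <div id="navigation">
                    [% INCLUDE 'navigation.inc' IsPatronPage = 1 %]
                </div>
            </div>
            <div class="span10">
                <div id="apikeys" class="maincontent">
                    <h1>Your API keys</h1>
                    <p>
                        <button id="show-api-form" style="display:none" class="btn btn-default btn-sm" type="button"><i class="fa fa-plus"></i> Generate new key</button>
                    </p>
                    <form id="add-api-key" action="/cgi-bin/koha/opac-apikeys.pl" method="post">
                        <fieldset>
                            <legend>Generate new client id/secret pair</legend>
                            [%# NOTE(review): patron_id is a client-controlled hidden field. The handler is
                                not visible here; confirm it takes the patron from the authenticated
                                session (or checks this value against it) rather than trusting the form. %]
                            <input type="hidden" name="patron_id" value="[% patron.id | html %]" />
                            [%# The token only protects the request if opac-apikeys.pl verifies it for every op. %]
                            <input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />
                            <input type="hidden" name="op" value="generate" />
                            <label for="description">Description: </label>
                            [%# id added so the label above is associated with this field %]
                            <input type="text" name="description" id="description" />
                        </fieldset>
                        <fieldset class="action">
                            <button class="btn btn-default btn-sm" type="submit">Save</button> <a href="#" style="display:none" class="cancel cancel-api-key">Cancel</a>
                        </fieldset>
                    </form>
                    [% IF api_keys && api_keys.size > 0 %]
                        <table class="table table-bordered table-striped">
                            <thead>
                                <tr>
                                    <th>Description</th>
                                    <th>Client ID</th>
                                    <th>Secret</th>
                                    <th>Active</th>
                                    <th>Actions</th>
                                </tr>
                            </thead>
                            <tbody>
                                [% FOREACH key IN api_keys %]
                                    <tr>
                                        [%# description is free text typed by the patron: always escape it %]
                                        <td>[% key.description | html %]</td>
                                        <td>[% key.client_id | html %]</td>
                                        [%# NOTE(review): the secret is printed on every view of this page, which
                                            suggests it is stored in recoverable form. Consider showing it once at
                                            creation and keeping only a hash; confirm against the handler and the
                                            API authentication code. %]
                                        <td>[% key.secret | html %]</td>
                                        <td>[% IF key.active %]Yes[% ELSE %]No[% END %]</td>
                                        <td>
                                            <form action="/cgi-bin/koha/opac-apikeys.pl" method="post" class="form-inline">
                                                <input type="hidden" name="key" value="[% key.id | html %]" />
                                                <input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />
                                                <input type="hidden" name="op" value="delete" />
                                                <button class="btn btn-link btn-xs delete-key" type="submit"><i class="fa fa-trash"></i> Delete</button>
                                            </form>
                                            <form action="/cgi-bin/koha/opac-apikeys.pl" method="post" class="form-inline">
                                                <input type="hidden" name="key" value="[% key.id | html %]" />
                                                <input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />
                                                [% IF key.active %]
                                                    <input type="hidden" name="op" value="revoke" />
                                                    <button class="btn btn-link btn-xs" type="submit"><i class="fa fa-remove"></i> Revoke</button>
                                                [% ELSE %]
                                                    <input type="hidden" name="op" value="activate" />
                                                    <button class="btn btn-link btn-xs" type="submit"><i class="fa fa-play"></i> Activate</button>
                                                [% END %]
                                            </form>
                                        </td>
                                    </tr>
                                [% END %]
                            </tbody>
                        </table>
                    [% ELSE %]
                        <p>No keys defined for the current patron.</p>
                    [% END %]
                </div> <!-- /#apikeys -->
            </div> <!-- /.span10 -->
        </div> <!-- /.row-fluid -->
    </div> <!-- /.container-fluid -->
</div> <!-- /.main -->

[% BLOCK jsinclude %]
    <script>
        $(document).ready(function(){
            // Markup default (no JavaScript): form visible, "Generate new key" and
            // "Cancel" hidden. With JavaScript the three are flipped on load, so
            // the form starts collapsed behind the button.
            $("#add-api-key, #show-api-form, .cancel-api-key").toggle();
            // Either control swaps the form and the "Generate new key" button.
            $("#show-api-form, .cancel-api-key").on("click", function(){
                $("#add-api-key, #show-api-form").toggle();
            });
            // Returning false from the handler cancels the delete form submission.
            // This is a usability prompt only; the request is protected by the
            // csrf_token field, not by this dialog.
            $(".delete-key").on("click", function(){
                return confirm(_("Are you sure you want to delete this key?"));
            });
        });
    </script>
[% END %]
[% INCLUDE 'opac-bottom.inc' %]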