added XSRF protection to all forms and associated tests

[bluechips.git] / bluechips / templates / spend / index.mako

diff --git a/bluechips/templates/spend/index.mako b/bluechips/templates/spend/index.mako
index dc2f606070dd8a4cd8164164092674fd23ab16d7..ff388a3eecace604ab6cb86bd8cb13efb9245091 100644 (file)
--- a/bluechips/templates/spend/index.mako
+++ b/bluechips/templates/spend/index.mako
@@ -5,6 +5,7 @@
 %>
 
 <form action="${h.url_for(controller='spend', action='update', id=c.expenditure.id)}" method="post">
+  ${h.auth_token_hidden_field()}
   <table class="form">
     <tr>
       <th><label for="spender_id">Spender</label></th>
@@ -30,19 +31,10 @@
     % for ii, user_row in enumerate(c.users):
       <%
         user_id, user = user_row
-        try:
-            percent = c.values['shares-%d.amount' % ii]
-        except TypeError:
-            try:
-                share = [s.share for s in c.expenditure.splits if s.user == user][0]
-                percent = (Decimal(100) * Decimal(int(share)) / Decimal(int(c.expenditure.amount))).quantize(Decimal("0.001"))
-            except IndexError:
-                percent = 0
+        percent = c.values['shares-%d.amount' % ii]
       %>
       <tr>
-        <th>
-          <label for="shares-${ii}amount">${user.name}</label>
-        </th>
+        <th><label for="shares-${ii}amount">${user.name}</label></th>
         <td>
           ${h.text('shares-%d.amount' % ii, percent)}
           ${h.hidden('shares-%d.user_id' % ii, user.id)}