Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add admin_required to admin_add_user
Access to the admin_add_user view should be restricted to administrators only. Unfortunately, I accidentally omitted the `@admin_required` decorator for this view. Since `@admin_required` encapsulates `@login_required`, this means that anybody with access to the Document Interface would be able to create a user accounts. This is a fix for the issue reported on Bugtraq: http://seclists.org/bugtraq/2015/Apr/8
- Loading branch information