Permalink
Browse files

BUGFIX: Fix ``admin_required`` decorator to not redirect connected us…

…ers with

        no admin credentials in infinite loop.
  • Loading branch information...
1 parent 7727e79 commit ce5208cccc9c239c300db3624b2af98535ae61f8 @mouadino mouadino committed Oct 2, 2012
Showing with 6 additions and 5 deletions.
  1. +6 −5 src/application/decorators.py
@@ -7,7 +7,7 @@
from functools import wraps
from google.appengine.api import users
-from flask import redirect, request
+from flask import redirect, request, abort
def login_required(func):
@@ -24,8 +24,9 @@ def admin_required(func):
"""Requires App Engine admin credentials"""
@wraps(func)
def decorated_view(*args, **kwargs):
- if not users.is_current_user_admin():
- return redirect(users.create_login_url(request.url))
- return func(*args, **kwargs)
+ if users.get_current_user():
+ if not users.is_current_user_admin():
+ abort(401) # Unauthorized
+ return func(*args, **kwargs)
+ return redirect(users.create_login_url(request.url))
return decorated_view
-

0 comments on commit ce5208c

Please sign in to comment.