Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

BUGFIX: Fix ``admin_required`` decorator to not redirect connected us…

…ers with

        no admin credentials in infinite loop.
  • Loading branch information...
commit ce5208cccc9c239c300db3624b2af98535ae61f8 1 parent 7727e79
@mouadino mouadino authored
Showing with 6 additions and 5 deletions.
  1. +6 −5 src/application/decorators.py
View
11 src/application/decorators.py
@@ -7,7 +7,7 @@
from functools import wraps
from google.appengine.api import users
-from flask import redirect, request
+from flask import redirect, request, abort
def login_required(func):
@@ -24,8 +24,9 @@ def admin_required(func):
"""Requires App Engine admin credentials"""
@wraps(func)
def decorated_view(*args, **kwargs):
- if not users.is_current_user_admin():
- return redirect(users.create_login_url(request.url))
- return func(*args, **kwargs)
+ if users.get_current_user():
+ if not users.is_current_user_admin():
+ abort(401) # Unauthorized
+ return func(*args, **kwargs)
+ return redirect(users.create_login_url(request.url))
return decorated_view
-
Please sign in to comment.
Something went wrong with that request. Please try again.