BUGFIX: Fix admin_required decorator to not redirect connected us…

…ers with no admin credentials in infinite loop.
kamalgill · Oct 2, 2012 · ce5208c · ce5208c
1 parent 7727e79
commit ce5208c
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/src/application/decorators.py b/src/application/decorators.py
@@ -7,7 +7,7 @@
 
 from functools import wraps
 from google.appengine.api import users
-from flask import redirect, request
+from flask import redirect, request, abort
 
 
 def login_required(func):
@@ -24,8 +24,9 @@ def admin_required(func):
     """Requires App Engine admin credentials"""
     @wraps(func)
     def decorated_view(*args, **kwargs):
-        if not users.is_current_user_admin():
-            return redirect(users.create_login_url(request.url))
-        return func(*args, **kwargs)
+        if users.get_current_user():
+            if not users.is_current_user_admin():
+                abort(401)  # Unauthorized
+            return func(*args, **kwargs)
+        return redirect(users.create_login_url(request.url))
     return decorated_view
-