Permalink
Browse files

changed permission check in API from IsAuthenticated to IsAdminUser

  • Loading branch information...
1 parent 3aa785a commit 3c362920e5624fc457b5c74fd51d459340a74dd0 @dbunskoek dbunskoek committed Dec 6, 2012
Showing with 10 additions and 8 deletions.
  1. +10 −8 fiber/rest_api/views.py
View
@@ -2,7 +2,7 @@
from django.core.urlresolvers import reverse
from djangorestframework.views import View
-from djangorestframework.permissions import IsAuthenticated
+from djangorestframework.permissions import IsAdminUser
from djangorestframework.views import ListOrCreateModelView, InstanceModelView
from djangorestframework.mixins import PaginatorMixin
from djangorestframework.status import HTTP_400_BAD_REQUEST, HTTP_403_FORBIDDEN
@@ -31,7 +31,7 @@ class ApiRoot(View):
The root view for the rest api.
"""
- permissions = (IsAuthenticated, )
+ permissions = (IsAdminUser, )
renderers = API_RENDERERS
def get(self, request):
@@ -46,7 +46,7 @@ def get(self, request):
class ListView(ListOrCreateModelView):
- permissions = (IsAuthenticated, )
+ permissions = (IsAdminUser, )
renderers = API_RENDERERS
def post(self, request, *args, **kwargs):
@@ -59,13 +59,15 @@ def post(self, request, *args, **kwargs):
class TreeListView(View):
+
+ permissions = (IsAdminUser, )
renderers = API_RENDERERS
-
+
def get(self, request):
"""
Provide jqTree data for the PageSelect dialog.
"""
- return Page.objects.create_jqtree_data(request.user)
+ return Page.objects.create_jqtree_data(request.user)
class PaginatedListView(PaginatorMixin, ListView):
@@ -148,7 +150,7 @@ def get_queryset(self, *args, **kwargs):
class InstanceView(InstanceModelView):
- permissions = (IsAuthenticated, )
+ permissions = (IsAdminUser, )
renderers = API_RENDERERS
def delete(self, request, pk):
@@ -159,7 +161,7 @@ def delete(self, request, pk):
class MovePageView(View):
- permissions = (IsAuthenticated, )
+ permissions = (IsAdminUser, )
renderers = API_RENDERERS
form = MovePageForm
@@ -180,7 +182,7 @@ def put(self, request, pk):
class MovePageContentItemView(View):
- permissions = (IsAuthenticated, )
+ permissions = (IsAdminUser, )
renderers = API_RENDERERS
form = MovePageContentItemForm

0 comments on commit 3c36292

Please sign in to comment.