Permalink
Browse files

HOT: add login security to accounts/ view, now need django 1.4

  • Loading branch information...
1 parent c676291 commit 39e17d4f7702ba0634719224264a3c6c1c3835a2 @yomguy committed Apr 12, 2012
Showing with 7 additions and 5 deletions.
  1. +1 −1 setup.py
  2. +6 −4 telemeta/views/base.py
View
@@ -14,7 +14,7 @@
author_email = "yomguy@parisson.com",
version = telemeta.__version__,
install_requires = [
- 'django>=1.3.1',
+ 'django>=1.4',
'django-registration',
'django-json-rpc',
'timeside',
View
@@ -422,6 +422,7 @@ def complete_location(self, request, with_items=True):
return HttpResponse("\n".join(data))
+ @method_decorator(login_required)
def users(self, request):
users = User.objects.all()
return render(request, 'telemeta/users.html', {'users': users})
@@ -1037,19 +1038,19 @@ def item_keywords_edit(self, request, public_id, template):
class AdminView(object):
"""Provide Admin web UI methods"""
- @method_decorator(permission_required('sites.change_site'))
+ @method_decorator(permission_required('is_superuser'))
def admin_index(self, request):
return render(request, 'telemeta/admin.html', self.__get_admin_context_vars())
- @method_decorator(permission_required('sites.change_site'))
+ @method_decorator(permission_required('is_superuser'))
def admin_general(self, request):
return render(request, 'telemeta/admin_general.html', self.__get_admin_context_vars())
- @method_decorator(permission_required('sites.change_site'))
+ @method_decorator(permission_required('is_superuser'))
def admin_enumerations(self, request):
return render(request, 'telemeta/admin_enumerations.html', self.__get_admin_context_vars())
- @method_decorator(permission_required('sites.change_site'))
+ @method_decorator(permission_required('is_superuser'))
def admin_users(self, request):
users = User.objects.all()
return render(request, 'telemeta/admin_users.html', {'users': users})
@@ -1398,6 +1399,7 @@ def profile_detail(self, request, username, template='telemeta/profile_detail.ht
return render(request, template, {'profile' : profile, 'usr': user, 'playlists': playlists,
'user_revisions': user_revisions})
+ @method_decorator(login_required)
def profile_edit(self, request, username, template='telemeta/profile_edit.html'):
if request.user.is_superuser:
user_hidden_fields = ['profile-user', 'user-password', 'user-last_login', 'user-date_joined']

0 comments on commit 39e17d4

Please sign in to comment.