HOT: add login security to accounts/ view, now need django 1.4

author yomguy <yomguy@parisson.com>

Thu, 12 Apr 2012 11:12:37 +0000 (13:12 +0200)

committer yomguy <yomguy@parisson.com>

Thu, 12 Apr 2012 11:12:37 +0000 (13:12 +0200)
author yomguy <yomguy@parisson.com>
Thu, 12 Apr 2012 11:12:37 +0000 (13:12 +0200)
committer yomguy <yomguy@parisson.com>
Thu, 12 Apr 2012 11:12:37 +0000 (13:12 +0200)
diff --git a/setup.py b/setup.py

index ba15c0710b9c09c7330e9e87fdeb19c856b7a6b0..acff376c65a334967fb3b7eaaccd5103804b5bae 100644 (file)
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,7 @@ setup(
    author_email = "yomguy@parisson.com",
    version = telemeta.__version__,
    install_requires = [
-        'django>=1.3.1',
+        'django>=1.4',
          'django-registration',
          'django-json-rpc',
          'timeside',
diff --git a/telemeta/views/base.py b/telemeta/views/base.py

index d2a8771ce976a96ccc2d7d28262ddd6a3d097e30..145054f2b46248519ee04823523036155c2eaa84 100644 (file)
--- a/telemeta/views/base.py
+++ b/telemeta/views/base.py
@@ -422,6 +422,7 @@ class GeneralView(object):
  
          return HttpResponse("\n".join(data))
  
+    @method_decorator(login_required)
      def users(self, request):
          users = User.objects.all()
          return render(request, 'telemeta/users.html', {'users': users})
@@ -1037,19 +1038,19 @@ class ItemView(object):
  class AdminView(object):
      """Provide Admin web UI methods"""
  
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
      def admin_index(self, request):
          return render(request, 'telemeta/admin.html', self.__get_admin_context_vars())
  
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
      def admin_general(self, request):
          return render(request, 'telemeta/admin_general.html', self.__get_admin_context_vars())
  
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
      def admin_enumerations(self, request):
          return render(request, 'telemeta/admin_enumerations.html', self.__get_admin_context_vars())
  
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
      def admin_users(self, request):
          users = User.objects.all()
          return render(request, 'telemeta/admin_users.html', {'users': users})
@@ -1398,6 +1399,7 @@ class ProfileView(object):
          return render(request, template, {'profile' : profile, 'usr': user, 'playlists': playlists,
                                            'user_revisions': user_revisions})
  
+    @method_decorator(login_required)
      def profile_edit(self, request, username, template='telemeta/profile_edit.html'):
          if request.user.is_superuser:
              user_hidden_fields = ['profile-user', 'user-password', 'user-last_login', 'user-date_joined']
author	yomguy <yomguy@parisson.com>
	Thu, 12 Apr 2012 11:12:37 +0000 (13:12 +0200)
committer	yomguy <yomguy@parisson.com>
	Thu, 12 Apr 2012 11:12:37 +0000 (13:12 +0200)
setup.py		patch \| blob \| history
telemeta/views/base.py		patch \| blob \| history