From: yomguy <yomguy@parisson.com>
Date: Sat, 26 Jan 2013 14:22:12 +0000 (+0100)
Subject: add security
X-Git-Tag: 0.9-probarreau~95
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=442fa8c828a7b3effba06b444668f0eac5f3f5bf;p=teleforma.git

add security
---

diff --git a/teleforma/views/pro.py b/teleforma/views/pro.py
index e15ba93c..3b6f12a8 100644
--- a/teleforma/views/pro.py
+++ b/teleforma/views/pro.py
@@ -152,6 +152,7 @@ class SeminarsView(ListView):
     def get_queryset(self):
         return all_seminars(self.request, date_order=True)['all_seminars']
 
+
 class AnswerView(SeminarAccessMixin, FormView):
 
     model = Answer
@@ -282,11 +283,12 @@ class AnswersView(ListView):
         context['page'] = page
         return context
 
+    @method_decorator(permission_required('is_superuser'))
     @method_decorator(login_required)
     def dispatch(self, *args, **kwargs):
         return super(AnswersView, self).dispatch(*args, **kwargs)
 
-
+    @method_decorator(permission_required('is_superuser'))
     @jsonrpc_method('teleforma.validate_answer')
     def validate(request, id):
         context = {}
@@ -337,6 +339,7 @@ class AnswersView(ListView):
         notify_user(mess, 'acceptance')
         return
 
+    @method_decorator(permission_required('is_superuser'))
     @jsonrpc_method('teleforma.reject_answer')
     def reject(request, id):
         context = {}
@@ -416,6 +419,7 @@ class AnswerDetailView(DetailView):
     model = Answer
     template_name='teleforma/answer_detail.html'
 
+    @method_decorator(permission_required('is_superuser'))
     @method_decorator(login_required)
     def dispatch(self, *args, **kwargs):
         return super(AnswerDetailView, self).dispatch(*args, **kwargs)