From 39e17d4f7702ba0634719224264a3c6c1c3835a2 Mon Sep 17 00:00:00 2001
From: yomguy <yomguy@parisson.com>
Date: Thu, 12 Apr 2012 13:12:37 +0200
Subject: [PATCH] HOT: add login security to accounts/ view, now need django
 1.4

---
 setup.py               |  2 +-
 telemeta/views/base.py | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/setup.py b/setup.py
index ba15c071..acff376c 100644
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,7 @@ setup(
   author_email = "yomguy@parisson.com",
   version = telemeta.__version__,
   install_requires = [
-        'django>=1.3.1',
+        'django>=1.4',
         'django-registration',
         'django-json-rpc',
         'timeside',
diff --git a/telemeta/views/base.py b/telemeta/views/base.py
index d2a8771c..145054f2 100644
--- a/telemeta/views/base.py
+++ b/telemeta/views/base.py
@@ -422,6 +422,7 @@ class GeneralView(object):
 
         return HttpResponse("\n".join(data))
 
+    @method_decorator(login_required)
     def users(self, request):
         users = User.objects.all()
         return render(request, 'telemeta/users.html', {'users': users})
@@ -1037,19 +1038,19 @@ class ItemView(object):
 class AdminView(object):
     """Provide Admin web UI methods"""
 
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
     def admin_index(self, request):
         return render(request, 'telemeta/admin.html', self.__get_admin_context_vars())
 
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
     def admin_general(self, request):
         return render(request, 'telemeta/admin_general.html', self.__get_admin_context_vars())
 
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
     def admin_enumerations(self, request):
         return render(request, 'telemeta/admin_enumerations.html', self.__get_admin_context_vars())
 
-    @method_decorator(permission_required('sites.change_site'))
+    @method_decorator(permission_required('is_superuser'))
     def admin_users(self, request):
         users = User.objects.all()
         return render(request, 'telemeta/admin_users.html', {'users': users})
@@ -1398,6 +1399,7 @@ class ProfileView(object):
         return render(request, template, {'profile' : profile, 'usr': user, 'playlists': playlists,
                                           'user_revisions': user_revisions})
 
+    @method_decorator(login_required)
     def profile_edit(self, request, username, template='telemeta/profile_edit.html'):
         if request.user.is_superuser:
             user_hidden_fields = ['profile-user', 'user-password', 'user-last_login', 'user-date_joined']
-- 
2.39.5