From aafa325686da7c331f199b3e53c8e9f2e810f3a7 Mon Sep 17 00:00:00 2001
From: yomguy <yomguy@parisson.com>
Date: Thu, 12 Apr 2012 12:44:08 +0200
Subject: [PATCH] add security login decorators to views

---
 teleforma/htdocs/css/teleforma_black.css |  2 +-
 teleforma/urls.py                        |  8 +++----
 teleforma/views.py                       | 27 ++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/teleforma/htdocs/css/teleforma_black.css b/teleforma/htdocs/css/teleforma_black.css
index a3215b25..cfdee9e2 100644
--- a/teleforma/htdocs/css/teleforma_black.css
+++ b/teleforma/htdocs/css/teleforma_black.css
@@ -1362,7 +1362,7 @@ input,textarea{
 .desk_large {
     float: left;
     width:75%;
-    padding: 0em 0.8em 0em 1em;
+    padding: 0em 1.8em 0em 1em;
     max-height: 550px;
     overflow-y: scroll;
     }
diff --git a/teleforma/urls.py b/teleforma/urls.py
index 7cbc4fac..fde92f71 100644
--- a/teleforma/urls.py
+++ b/teleforma/urls.py
@@ -59,10 +59,10 @@ urlpatterns = patterns('',
     url(r'^messages/', include('postman.urls')),
 
     # Users
-    url(r'^user/all/$', UsersView.as_view(), name="teleforma-users"),
-    url(r'^user/by_training/(\w+)/$', UsersTrainingView.as_view(), name="teleforma-training-users"),
-    url(r'^user/all/export/$', user_export.all, name="teleforma-users-xls-export"),
-    url(r'^user/by_training/(?P<id>.*)/export/$', user_export.by_training, name="teleforma-training-users-export"),
+    url(r'^users/$', UsersView.as_view(), name="teleforma-users"),
+    url(r'^users/by_training/(\w+)/$', UsersTrainingView.as_view(), name="teleforma-training-users"),
+    url(r'^users/all/export/$', user_export.all, name="teleforma-users-xls-export"),
+    url(r'^users/by_training/(?P<id>.*)/export/$', user_export.by_training, name="teleforma-training-users-export"),
 
 # CSS+Images (FIXME: for developement only)
     url(r'^teleforma/css/(?P<path>.*)$', 'django.views.static.serve',
diff --git a/teleforma/views.py b/teleforma/views.py
index c2efa52d..8218afb9 100755
--- a/teleforma/views.py
+++ b/teleforma/views.py
@@ -25,6 +25,7 @@ from django.contrib.auth.forms import UserChangeForm
 from django.core.exceptions import ObjectDoesNotExist
 from django.contrib.syndication.views import Feed
 from django.core.paginator import Paginator
+from django.contrib.auth.decorators import login_required
 
 from teleforma.models import *
 from telemeta.views.base import *
@@ -90,6 +91,11 @@ class CourseView(DetailView):
         context['notes'] = course.notes.all().filter(author=self.request.user)
         return context
 
+    @method_decorator(login_required)
+    def dispatch(self, *args, **kwargs):
+        return super(CourseView, self).dispatch(*args, **kwargs)
+
+
 class CoursesView(ListView):
 
     model = Course
@@ -101,6 +107,11 @@ class CoursesView(ListView):
         context['notes'] = Note.objects.filter(author=self.request.user)
         return context
 
+    @method_decorator(login_required)
+    def dispatch(self, *args, **kwargs):
+        return super(CoursesView, self).dispatch(*args, **kwargs)
+
+
 class MediaView(DetailView):
 
     model = Media
@@ -118,6 +129,11 @@ class MediaView(DetailView):
         context['room'] = media.course.chat_room
         return context
 
+    @method_decorator(login_required)
+    def dispatch(self, *args, **kwargs):
+        return super(MediaView, self).dispatch(*args, **kwargs)
+
+
 class UsersView(ListView):
 
     model = User
@@ -134,6 +150,11 @@ class UsersView(ListView):
         context['all_users'] = User.objects.all()
         return context
 
+    @method_decorator(login_required)
+    def dispatch(self, *args, **kwargs):
+        return super(UsersView, self).dispatch(*args, **kwargs)
+
+
 class UsersTrainingView(UsersView):
 
     def get_queryset(self):
@@ -141,12 +162,18 @@ class UsersTrainingView(UsersView):
         self.trainings = Training.objects.filter(id=self.args[0])
         return User.objects.filter(student__training__in=self.trainings)
 
+    @login_required
     def get_context_data(self, **kwargs):
         context = super(UsersTrainingView, self).get_context_data(**kwargs)
         context['training'] = Training.objects.get(id=self.args[0])
         context['all_users'] = User.objects.filter(student__training__in=self.trainings).all()
         return context
 
+    @method_decorator(login_required)
+    def dispatch(self, *args, **kwargs):
+        return super(UsersTrainingView, self).dispatch(*args, **kwargs)
+
+
 class UsersXLSExport(object):
 
     first_row = 2
-- 
2.39.5