diff options
| author | Andrew Godwin | 2022-11-16 21:14:05 -0700 |
|---|---|---|
| committer | Andrew Godwin | 2022-11-16 21:14:05 -0700 |
| commit | 9d97fc92d82289301896c88f8c828321aa99701d (patch) | |
| tree | 1ea94bcae7531ed28962ab64188734cb89aa673e | |
| parent | 1b52acdb56346d939eb2e26ff449697b52fa7142 (diff) | |
| download | takahe-9d97fc92d82289301896c88f8c828321aa99701d.tar.gz takahe-9d97fc92d82289301896c88f8c828321aa99701d.tar.bz2 takahe-9d97fc92d82289301896c88f8c828321aa99701d.zip | |
Should probably limit system settings to admins
| -rw-r--r-- | users/decorators.py | 5 | ||||
| -rw-r--r-- | users/views/settings_system.py | 10 |
2 files changed, 12 insertions, 3 deletions
diff --git a/users/decorators.py b/users/decorators.py index d373692..5226460 100644 --- a/users/decorators.py +++ b/users/decorators.py @@ -1,5 +1,6 @@ from functools import wraps +from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.views import redirect_to_login from django.http import HttpResponseRedirect @@ -26,3 +27,7 @@ def identity_required(function): return function(request, *args, **kwargs) return inner + + +def admin_required(function): + return user_passes_test(lambda user: user.admin)(function) diff --git a/users/views/settings_system.py b/users/views/settings_system.py index bfd9fb7..e5e9e85 100644 --- a/users/views/settings_system.py +++ b/users/views/settings_system.py @@ -9,16 +9,16 @@ from django.utils.decorators import method_decorator from django.views.generic import FormView, RedirectView, TemplateView from core.models import Config -from users.decorators import identity_required +from users.decorators import admin_required from users.models import Domain -@method_decorator(identity_required, name="dispatch") +@method_decorator(admin_required, name="dispatch") class SystemSettingsRoot(RedirectView): url = "/settings/system/basic/" -@method_decorator(identity_required, name="dispatch") +@method_decorator(admin_required, name="dispatch") class SystemSettingsPage(FormView): """ Shows a settings page dynamically created from our settings layout @@ -100,6 +100,7 @@ class BasicPage(SystemSettingsPage): } +@method_decorator(admin_required, name="dispatch") class DomainsPage(TemplateView): template_name = "settings/settings_system_domains.html" @@ -111,6 +112,7 @@ class DomainsPage(TemplateView): } +@method_decorator(admin_required, name="dispatch") class DomainCreatePage(FormView): template_name = "settings/settings_system_domain_create.html" @@ -170,6 +172,7 @@ class DomainCreatePage(FormView): return redirect(Domain.urls.root) +@method_decorator(admin_required, name="dispatch") class DomainEditPage(FormView): template_name = "settings/settings_system_domain_edit.html" @@ -215,6 +218,7 @@ class DomainEditPage(FormView): } +@method_decorator(admin_required, name="dispatch") class DomainDeletePage(TemplateView): template_name = "settings/settings_system_domain_delete.html" |