From: Radek Czajka Date: Thu, 13 Oct 2011 08:56:05 +0000 (+0200) Subject: require permissions to do non-versioned stuff X-Git-Url: https://git.mdrn.pl/redakcja.git/commitdiff_plain/2aaa98ee15d4e5032b4d4f0c83c140636fb8b10e?ds=sidebyside;hp=4b3016bf455bd8faca4209acf3c4b4fa361e4c85 require permissions to do non-versioned stuff --- diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index 9298116e..df7c2bf3 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -5,7 +5,7 @@ from StringIO import StringIO from django.contrib import auth from django.contrib.auth.models import User -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, permission_required from django.core.urlresolvers import reverse from django.db.models import Count, Q from django import http @@ -75,6 +75,7 @@ def logout_then_redirect(request): return http.HttpResponseRedirect(urlquote_plus(request.GET.get('next', '/'), safe='/?=')) +@permission_required('catalogue.add_book') @active_tab('create') def create_missing(request, slug=None): if slug is None: @@ -109,6 +110,7 @@ def create_missing(request, slug=None): }) +@permission_required('catalogue.add_book') @active_tab('upload') def upload(request): if request.method == "POST": @@ -316,6 +318,7 @@ def book(request, slug): }) +@permission_required('catalogue.add_chunk') def chunk_add(request, slug, chunk): try: doc = Chunk.get(slug, chunk) @@ -365,6 +368,7 @@ def chunk_edit(request, slug, chunk): }) +@permission_required('catalogue.change_book') def book_append(request, slug): book = get_object_or_404(Book, slug=slug) if request.method == "POST": @@ -381,6 +385,7 @@ def book_append(request, slug): }) +@permission_required('catalogue.change_book') def book_edit(request, slug): book = get_object_or_404(Book, slug=slug) if request.method == "POST":