From 2aaa98ee15d4e5032b4d4f0c83c140636fb8b10e Mon Sep 17 00:00:00 2001 From: Radek Czajka Date: Thu, 13 Oct 2011 10:56:05 +0200 Subject: [PATCH] require permissions to do non-versioned stuff --- apps/catalogue/views.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index 9298116e..df7c2bf3 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -5,7 +5,7 @@ from StringIO import StringIO from django.contrib import auth from django.contrib.auth.models import User -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, permission_required from django.core.urlresolvers import reverse from django.db.models import Count, Q from django import http @@ -75,6 +75,7 @@ def logout_then_redirect(request): return http.HttpResponseRedirect(urlquote_plus(request.GET.get('next', '/'), safe='/?=')) +@permission_required('catalogue.add_book') @active_tab('create') def create_missing(request, slug=None): if slug is None: @@ -109,6 +110,7 @@ def create_missing(request, slug=None): }) +@permission_required('catalogue.add_book') @active_tab('upload') def upload(request): if request.method == "POST": @@ -316,6 +318,7 @@ def book(request, slug): }) +@permission_required('catalogue.add_chunk') def chunk_add(request, slug, chunk): try: doc = Chunk.get(slug, chunk) @@ -365,6 +368,7 @@ def chunk_edit(request, slug, chunk): }) +@permission_required('catalogue.change_book') def book_append(request, slug): book = get_object_or_404(Book, slug=slug) if request.method == "POST": @@ -381,6 +385,7 @@ def book_append(request, slug): }) +@permission_required('catalogue.change_book') def book_edit(request, slug): book = get_object_or_404(Book, slug=slug) if request.method == "POST": -- 2.20.1