diff options
author | Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-03-28 10:01:16 +0000 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-03-28 10:03:46 +0000 |
commit | f7b2bd71b193e8324e2fe7ac7beafb65620585c2 (patch) | |
tree | a5894312365b3c2597313697d394f06a1230f6ac /layerindex | |
parent | 86ffcbd5fea5066b0388c3524657ff1c2f061dc3 (diff) | |
download | openembedded-core-contrib-f7b2bd71b193e8324e2fe7ac7beafb65620585c2.tar.gz |
Redirect to login page for review list/detail views if not logged in
This avoids showing a 403 error when a user clicks on a review link in
the layer submission notification email but hasn't logged in yet.
Also protect the review list view with a permission check; it's not that
it's sensitive, but we should be consistent with the detail here.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'layerindex')
-rw-r--r-- | layerindex/views.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/layerindex/views.py b/layerindex/views.py index 89822ba798..26cd22fec1 100644 --- a/layerindex/views.py +++ b/layerindex/views.py @@ -19,6 +19,8 @@ from django.db.models import Q from django.core.mail import EmailMessage from django.template.loader import get_template from django.template import Context +from django.utils.decorators import method_decorator +from django.contrib.auth.decorators import login_required import simplesearch import settings @@ -202,7 +204,10 @@ class LayerListView(ListView): return context class LayerReviewListView(ListView): + @method_decorator(login_required) def dispatch(self, request, *args, **kwargs): + if not request.user.has_perm('layerindex.publish_layer'): + raise PermissionDenied _check_branch(request) return super(LayerReviewListView, self).dispatch(request, *args, **kwargs) @@ -233,6 +238,7 @@ class LayerDetailView(DetailView): return context class LayerReviewDetailView(LayerDetailView): + @method_decorator(login_required) def dispatch(self, request, *args, **kwargs): if not request.user.has_perm('layerindex.publish_layer'): raise PermissionDenied |