Should probably limit system settings to admins

This commit is contained in:
Andrew Godwin 2022-11-16 21:14:05 -07:00
parent 1b52acdb56
commit 9d97fc92d8
2 changed files with 12 additions and 3 deletions

View File

@ -1,5 +1,6 @@
from functools import wraps from functools import wraps
from django.contrib.auth.decorators import user_passes_test
from django.contrib.auth.views import redirect_to_login from django.contrib.auth.views import redirect_to_login
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
@ -26,3 +27,7 @@ def identity_required(function):
return function(request, *args, **kwargs) return function(request, *args, **kwargs)
return inner return inner
def admin_required(function):
return user_passes_test(lambda user: user.admin)(function)

View File

@ -9,16 +9,16 @@ from django.utils.decorators import method_decorator
from django.views.generic import FormView, RedirectView, TemplateView from django.views.generic import FormView, RedirectView, TemplateView
from core.models import Config from core.models import Config
from users.decorators import identity_required from users.decorators import admin_required
from users.models import Domain from users.models import Domain
@method_decorator(identity_required, name="dispatch") @method_decorator(admin_required, name="dispatch")
class SystemSettingsRoot(RedirectView): class SystemSettingsRoot(RedirectView):
url = "/settings/system/basic/" url = "/settings/system/basic/"
@method_decorator(identity_required, name="dispatch") @method_decorator(admin_required, name="dispatch")
class SystemSettingsPage(FormView): class SystemSettingsPage(FormView):
""" """
Shows a settings page dynamically created from our settings layout Shows a settings page dynamically created from our settings layout
@ -100,6 +100,7 @@ class BasicPage(SystemSettingsPage):
} }
@method_decorator(admin_required, name="dispatch")
class DomainsPage(TemplateView): class DomainsPage(TemplateView):
template_name = "settings/settings_system_domains.html" template_name = "settings/settings_system_domains.html"
@ -111,6 +112,7 @@ class DomainsPage(TemplateView):
} }
@method_decorator(admin_required, name="dispatch")
class DomainCreatePage(FormView): class DomainCreatePage(FormView):
template_name = "settings/settings_system_domain_create.html" template_name = "settings/settings_system_domain_create.html"
@ -170,6 +172,7 @@ class DomainCreatePage(FormView):
return redirect(Domain.urls.root) return redirect(Domain.urls.root)
@method_decorator(admin_required, name="dispatch")
class DomainEditPage(FormView): class DomainEditPage(FormView):
template_name = "settings/settings_system_domain_edit.html" template_name = "settings/settings_system_domain_edit.html"
@ -215,6 +218,7 @@ class DomainEditPage(FormView):
} }
@method_decorator(admin_required, name="dispatch")
class DomainDeletePage(TemplateView): class DomainDeletePage(TemplateView):
template_name = "settings/settings_system_domain_delete.html" template_name = "settings/settings_system_domain_delete.html"