Add admin securisation

regisf · regisf · commit 4d2f30728b00 · 2014-10-19T11:13:50.000+04:00
diff --git a/App/Admin/emailshandler.py b/App/Admin/emailshandler.py
@@ -17,7 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-from tornado.web import RequestHandler
+from tornadoext.requesthandler import RequestHandler, admin_auth_required
 from App.models.email import EmailModel
 from App.models.preference import PreferenceModel
 
@@ -49,6 +49,7 @@ def control_arguments(handler, edit=False):
 
 
 class EmailsHandler(RequestHandler):
+    @admin_auth_required
     def get(self):
         """
         Get all emails templates
@@ -65,9 +66,11 @@ def get(self):
 
 
 class EmailsAddHandler(RequestHandler):
+    @admin_auth_required
     def get(self):
         self.render("admin/emails/add.html", errors={}, title='', content='', shortcut='')
 
+    @admin_auth_required
     def post(self, ):
         errors, title, content, shortcut = control_arguments(self)
 
@@ -86,6 +89,7 @@ def post(self, ):
 
 
 class EmailEditHandler(RequestHandler):
+    @admin_auth_required
     def get(self, shortcut):
         """ Display edit form """
         email = EmailModel().find_by_shortcut(shortcut)
@@ -94,6 +98,7 @@ def get(self, shortcut):
 
         self.render('admin/emails/edit.html', errors={}, email=email)
 
+    @admin_auth_required
     def post(self, shortcut):
         """
         Handle save
@@ -110,6 +115,7 @@ def post(self, shortcut):
 
 
 class EmailsDeleteHandler(RequestHandler):
+    @admin_auth_required
     def get(self, name):
         EmailModel().delete(name)
         self.redirect('/admin/emails/')
diff --git a/App/Admin/preferencehandler.py b/App/Admin/preferencehandler.py
@@ -17,12 +17,13 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-from tornado.web import RequestHandler
+from tornadoext.requesthandler import RequestHandler, admin_auth_required
 
 from App.models.preference import PreferenceModel
 
 
 class PreferenceHandler(RequestHandler):
+    @admin_auth_required
     def post(self):
         """
         Save preferences
diff --git a/App/Admin/usershandler.py b/App/Admin/usershandler.py
@@ -17,12 +17,13 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-from tornado.web import RequestHandler
+from tornadoext.requesthandler import RequestHandler, admin_auth_required
 
 from App.models.user import UserModel
 
 
 class UsersHandler(RequestHandler):
+    @admin_auth_required
     def get(self):
         """
         Display all users
@@ -31,12 +32,14 @@ def get(self):
 
 
 class UsersEditHandler(RequestHandler):
+    @admin_auth_required
     def get(self, name):
         """
         Display the user information
         """
         self.render('admin/users/edit.html', user=UserModel().get_by_name(name))
 
+    @admin_auth_required
     def post(self, name):
         """
         Save the user modification
@@ -58,12 +61,14 @@ def post(self, name):
 
 
 class UsersDeleteHandler(RequestHandler):
+    @admin_auth_required
     def get(self, name):
         """
         Confirm page
         """
         self.render('admin/users/delete.html', username=name)
 
+    @admin_auth_required
     def post(self, name):
         """
         Execution page
@@ -77,9 +82,11 @@ class UsersAddHandler(RequestHandler):
     """
     Add a new user
     """
+    @admin_auth_required
     def get(self):
         self.render('admin/users/add.html', errors={})
 
+    @admin_auth_required
     def post(self):
         """
         The user is created
