Now only members of sysop group are admins.

[philipp/winterrodeln/wradmin.git] / wradmin / __init__.py

diff --git a/wradmin/__init__.py b/wradmin/__init__.py
index 92ba2d39c3f0a801e091ab82400b2b8e147502f5..3af43fc3baf422eff1e98506083991a3fea12833 100644 (file)
--- a/wradmin/__init__.py
+++ b/wradmin/__init__.py
@@ -47,13 +47,15 @@ def rodelbahn_list():
 
 
 @app.route("/rodelbahn/view/<int:id>")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def rodelbahn_view(id):
     return RodelbahnController().view(id)
 
 
 @app.route("/rodelbahn/update")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def rodelbahn_update():
     return RodelbahnController().update()
 
@@ -71,19 +73,22 @@ def rodelbahn_update_mapcache():
 
 
 @app.route("/bericht/list")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def bericht_list():
     return BerichtController().list()
 
 
 @app.route("/bericht/view/<int:id>")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def bericht_view(id):
     return BerichtController().view(id)
 
 
 @app.route("/bericht/change_date_invalid/<int:id>", methods=['POST'])
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def bericht_change_date_invalid(id):
     return BerichtController().change_date_invalid(id)
 
@@ -162,5 +167,5 @@ def on_identity_loaded(sender, identity):
     user_id = current_user.get_id()
     if user_id is not None:
         identity.provides.add(UserNeed(user_id))
-        if current_user.user_name == b'Philipp':
+        if wradmin.model.meta.Session.query(wradmin.model.MwUserGroups).get((user_id, 'sysop')) is not None:
             identity.provides.add(RoleNeed('admin'))