Require login and use return code 403 if admin permission not given.

author Philipp Spitzer <philipp@spitzer.priv.at>

Tue, 29 Sep 2020 19:46:05 +0000 (21:46 +0200)

committer Philipp Spitzer <philipp@spitzer.priv.at>

Tue, 29 Sep 2020 19:46:05 +0000 (21:46 +0200)
author Philipp Spitzer <philipp@spitzer.priv.at>
Tue, 29 Sep 2020 19:46:05 +0000 (21:46 +0200)
committer Philipp Spitzer <philipp@spitzer.priv.at>
Tue, 29 Sep 2020 19:46:05 +0000 (21:46 +0200)
diff --git a/wradmin/__init__.py b/wradmin/__init__.py

index 92ba2d39c3f0a801e091ab82400b2b8e147502f5..b8ccc6f0547749f61ba10760bf057cd97e0a77c2 100644 (file)
--- a/wradmin/__init__.py
+++ b/wradmin/__init__.py
@@ -47,13 +47,15 @@ def rodelbahn_list():
  
  
  @app.route("/rodelbahn/view/<int:id>")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
  def rodelbahn_view(id):
      return RodelbahnController().view(id)
  
  
  @app.route("/rodelbahn/update")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
  def rodelbahn_update():
      return RodelbahnController().update()
  
@@ -71,19 +73,22 @@ def rodelbahn_update_mapcache():
  
  
  @app.route("/bericht/list")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
  def bericht_list():
      return BerichtController().list()
  
  
  @app.route("/bericht/view/<int:id>")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
  def bericht_view(id):
      return BerichtController().view(id)
  
  
  @app.route("/bericht/change_date_invalid/<int:id>", methods=['POST'])
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
  def bericht_change_date_invalid(id):
      return BerichtController().change_date_invalid(id)
author	Philipp Spitzer <philipp@spitzer.priv.at>
	Tue, 29 Sep 2020 19:46:05 +0000 (21:46 +0200)
committer	Philipp Spitzer <philipp@spitzer.priv.at>
	Tue, 29 Sep 2020 19:46:05 +0000 (21:46 +0200)