From: Philipp Spitzer <philipp@spitzer.priv.at>
Date: Tue, 29 Sep 2020 19:46:05 +0000 (+0200)
Subject: Require login and use return code 403 if admin permission not given.
X-Git-Url: https://git.toastfreeware.priv.at/philipp/winterrodeln/wradmin.git/commitdiff_plain/93be7d37da206b2635391649fb4d134f15e807a7

Require login and use return code 403 if admin permission not given.
---

diff --git a/wradmin/__init__.py b/wradmin/__init__.py
index 92ba2d3..b8ccc6f 100644
--- a/wradmin/__init__.py
+++ b/wradmin/__init__.py
@@ -47,13 +47,15 @@ def rodelbahn_list():
 
 
 @app.route("/rodelbahn/view/<int:id>")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def rodelbahn_view(id):
     return RodelbahnController().view(id)
 
 
 @app.route("/rodelbahn/update")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def rodelbahn_update():
     return RodelbahnController().update()
 
@@ -71,19 +73,22 @@ def rodelbahn_update_mapcache():
 
 
 @app.route("/bericht/list")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def bericht_list():
     return BerichtController().list()
 
 
 @app.route("/bericht/view/<int:id>")
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def bericht_view(id):
     return BerichtController().view(id)
 
 
 @app.route("/bericht/change_date_invalid/<int:id>", methods=['POST'])
-@admin_permission.require()
+@login_required
+@admin_permission.require(403)
 def bericht_change_date_invalid(id):
     return BerichtController().change_date_invalid(id)