Mercurial > public > src > rhodecode

diff pylons_app/controllers/users.py @ 318:61be6dcd49a0
protected admin controllers
author: Marcin Kuzminski <marcin@python-works.com>
date: Mon, 28 Jun 2010 23:28:31 +0200
parents: 14478d989870
children: fdf9f6ee5217
--- a/pylons_app/controllers/users.py	Mon Jun 28 22:49:32 2010 +0200
+++ b/pylons_app/controllers/users.py	Mon Jun 28 23:28:31 2010 +0200
@@ -22,18 +22,18 @@
 users controller for pylons
 @author: marcink
 """
-import logging
+from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
-from pylons_app.lib.auth import LoginRequired
+from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.user_model import UserModel
 import formencode
-from formencode import htmlfill
+import logging
 
 log = logging.getLogger(__name__)
 
@@ -42,7 +42,9 @@
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
+    
     @LoginRequired()
+    @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
@@ -110,7 +112,7 @@
                     % form_result['username'], category='error')
             
         return redirect(url('users'))
-                    
+    
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
author	Marcin Kuzminski <marcin@python-works.com>
date	Mon, 28 Jun 2010 23:28:31 +0200
parents	14478d989870
children	fdf9f6ee5217