Adds login required to admin pages

DataViva · May 11, 2016 · 1308d5e · 1308d5e
1 parent 7f263d5
commit 1308d5e
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/dataviva/apps/admin/views.py b/dataviva/apps/admin/views.py
@@ -1,6 +1,7 @@
 from flask import Blueprint, render_template, g
 from flask.ext.babel import gettext
 from dataviva.apps.general.views import get_locale
+from flask.ext.login import login_required
 from functools import wraps
 
 mod = Blueprint('admin', __name__,
@@ -39,5 +40,6 @@ def pull_lang_code(endpoint, values):
 
 
 @mod.route('/')
+@login_required
 def index():
     return render_template('admin/index.html')
diff --git a/dataviva/apps/blog/views.py b/dataviva/apps/blog/views.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 from flask import Blueprint, render_template, g, redirect, url_for, flash, jsonify, request
 from dataviva.apps.general.views import get_locale
-
+from flask.ext.login import login_required
 from sqlalchemy import desc
 from models import Post, PostSubject
 from dataviva import db
@@ -71,12 +71,14 @@ def all_posts():
 
 
 @mod.route('/admin', methods=['GET'])
+@login_required
 def admin():
     posts = Post.query.all()
     return render_template('blog/admin.html', posts=posts)
 
 
 @mod.route('/admin/post/<status>/<status_value>', methods=['POST'])
+@login_required
 def admin_activate(status, status_value):
     for id in request.form.getlist('ids[]'):
         post = Post.query.filter_by(id=id).first_or_404()
@@ -88,6 +90,7 @@ def admin_activate(status, status_value):
 
 
 @mod.route('/admin/delete', methods=['POST'])
+@login_required
 def admin_delete():
     ids = request.form.getlist('ids[]')
     if ids:
@@ -102,12 +105,14 @@ def admin_delete():
 
 
 @mod.route('/admin/post/new', methods=['GET'])
+@login_required
 def new():
     form = RegistrationForm()
     return render_template('blog/new.html', form=form, action=url_for('blog.create'))
 
 
 @mod.route('/admin/post/new', methods=['POST'])
+@login_required
 def create():
     form = RegistrationForm()
     if form.validate() is False:
@@ -142,6 +147,7 @@ def create():
 
 
 @mod.route('/admin/post/<id>/edit', methods=['GET'])
+@login_required
 def edit(id):
     form = RegistrationForm()
     post = Post.query.filter_by(id=id).first_or_404()
@@ -156,6 +162,7 @@ def edit(id):
 
 
 @mod.route('/admin/post/<id>/edit', methods=['POST'])
+@login_required
 def update(id):
     form = RegistrationForm()
     id = int(id.encode())

diff --git a/dataviva/apps/news/views.py b/dataviva/apps/news/views.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 from flask import Blueprint, render_template, g, redirect, url_for, flash, jsonify, request
 from dataviva.apps.general.views import get_locale
-
+from flask.ext.login import login_required
 from sqlalchemy import desc
 from models import Publication, PublicationSubject
 from dataviva import db
@@ -57,12 +57,14 @@ def all():
 
 
 @mod.route('/admin', methods=['GET'])
+@login_required
 def admin():
     publications = Publication.query.all()
     return render_template('news/admin.html', publications=publications)
 
 
 @mod.route('/admin/publication/<status>/<status_value>', methods=['POST'])
+@login_required
 def admin_activate(status, status_value):
     for id in request.form.getlist('ids[]'):
         publication = Publication.query.filter_by(id=id).first_or_404()
@@ -74,6 +76,7 @@ def admin_activate(status, status_value):
 
 
 @mod.route('/admin/delete', methods=['POST'])
+@login_required
 def admin_delete():
     ids = request.form.getlist('ids[]')
     if ids:
@@ -88,12 +91,14 @@ def admin_delete():
 
 
 @mod.route('/admin/publication/new', methods=['GET'])
+@login_required
 def new():
     form = RegistrationForm()
     return render_template('news/new.html', form=form, action=url_for('news.create'))
 
 
 @mod.route('/admin/publication/new', methods=['POST'])
+@login_required
 def create():
     form = RegistrationForm()
     if form.validate() is False:
@@ -120,6 +125,7 @@ def create():
 
 
 @mod.route('/admin/publication/<id>/edit', methods=['GET'])
+@login_required
 def edit(id):
     form = RegistrationForm()
     publication = Publication.query.filter_by(id=id).first_or_404()
@@ -135,6 +141,7 @@ def edit(id):
 
 
 @mod.route('admin/publication/<id>/edit', methods=['POST'])
+@login_required
 def update(id):
     form = RegistrationForm()
     id = int(id.encode())

diff --git a/dataviva/apps/users/views.py b/dataviva/apps/users/views.py
@@ -2,6 +2,7 @@
 from flask import Blueprint, render_template, g, redirect, url_for, jsonify, request
 from dataviva.apps.general.views import get_locale
 from dataviva.apps.account.models import User
+from flask.ext.login import login_required
 from dataviva import db
 
 
@@ -26,6 +27,7 @@ def users():
 
 
 @mod.route('/admin', methods=['GET'])
+@login_required
 def admin():
     users = User.query.all()
     return render_template('users/admin.html', users=users)
@@ -41,6 +43,7 @@ def all():
 
 
 @mod.route('/admin/delete', methods=['POST'])
+@login_required
 def admin_delete():
     ids = request.form.getlist('ids[]')
     if ids:
@@ -55,6 +58,7 @@ def admin_delete():
 
 
 @mod.route('/admin/users/<status>/<status_value>', methods=['POST'])
+@login_required
 def admin_activate(status, status_value):
     for id in request.form.getlist('ids[]'):
         users = User.query.filter_by(id=id).first_or_404()