[prev in list] [next in list] [prev in thread] [next in thread] 

List:       luci-commits
Subject:    [Luci-commits] [luci] luci: Don't let anonymous users access the preferences page
From:       rmccabe () fedoraproject ! org (Ryan McCabe)
Date:       2012-12-04 2:00:48
Message-ID: 20121204020048.A80D8355C () hosted02 ! fedoraproject ! org
[Download RAW message or body]

commit f82cb83ba20c1f8eef5b7fd0a087741e4a40f718
Author: Ryan McCabe <rmccabe at redhat.com>
Date:   Mon Dec 3 20:59:20 2012 -0500

    luci: Don't let anonymous users access the preferences page
    
    Require that users be logged in before being allowed to access the
    user preferences page. Currently, it's harmless if an anonymous
    user is able to access it, but login should be forced first, anyway.
    
    Resolves: rhbz#878960
    
    Signed-off-by: Ryan McCabe <rmccabe at redhat.com>

 luci/controllers/root.py |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/luci/controllers/root.py b/luci/controllers/root.py
index a2c6cd3..bb8b736 100644
--- a/luci/controllers/root.py
+++ b/luci/controllers/root.py
@@ -69,6 +69,7 @@ class RootController(BaseController):
         return dict(page='about')
 
     @expose('luci.templates.prefs')
+    @require(not_anonymous())
     def prefs(self):
         """Handle the user preferences page."""
         return dict(page='prefs')

[prev in list] [next in list] [prev in thread] [next in thread]