From 961359bdab09ae0de0b8271ad0130ae8378f9356 Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Thu, 18 Aug 2011 10:46:36 +0200
Subject: [PATCH] Validate superuser on "hidden" admin views
---
 pgweb/core/views.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pgweb/core/views.py b/pgweb/core/views.py
index 597fe915..9e753ea5 100644
--- a/pgweb/core/views.py
+++ b/pgweb/core/views.py
@@ -143,6 +143,7 @@ def system_information(request):
 
 # List of all unapproved objects, for the special admin page
 @login_required
+@user_passes_test(lambda u: u.is_superuser)
 def admin_pending(request):
 return render_to_response('core/admin_pending.html', {
 'app_list': get_all_pending_moderations(),
@@ -150,6 +151,7 @@ def admin_pending(request):
 
 # Purge objects from varnish, for the admin pages
 @login_required
+@user_passes_test(lambda u: u.is_superuser)
 def admin_purge(request):
 if request.method == 'POST':
 url = request.POST['url']
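Review bot: The test added above admin_pending checks only `u.is_superuser`, so whether a deactivated superuser account with a still-valid session is refused depends on the Django version and auth backend rather than on this view; `@user_passes_test(lambda u: u.is_active and u.is_superuser)` makes that explicit. The identical lambda is added again above admin_purge in the next hunk, so one module-level `superuser_required = user_passes_test(lambda u: u.is_active and u.is_superuser)` would keep the two hidden admin views from drifting apart. The diff adds no import line, so `user_passes_test` must already be imported in views.py, which is not visible here. The body of admin_pending continues outside the hunk.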
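Review bot: In admin_purge the field is indexed directly with `request.POST['url']`, so a POST that omits it raises a KeyError and surfaces as a server error instead of a handled case. Reading it with `url = request.POST.get('url')` and returning early on an empty value would keep a malformed request from reaching the purge logic. The rest of admin_purge lies outside the hunk, so whether the value is validated before it is used for the varnish purge cannot be seen here; a short comment above the view stating what input format it accepts would help the next reviewer.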