VladPolskiy/postgres-web
1
0
Fork 0
mirror of https://github.com/postgres/pgweb.git synced 2025-08-03 15:38:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Validate superuser on "hidden" admin views

Browse Source
This commit is contained in:
Magnus Hagander
2011-08-18 10:46:36 +02:00
parent 248d940c7e
commit 961359bdab
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pgweb/core/views.py
View File

@ -143,6 +143,7 @@ def system_information(request):
# List of all unapproved objects, for the special admin page
@login_required
@user_passes_test(lambda u: u.is_superuser)
def admin_pending(request):
return render_to_response('core/admin_pending.html', {
'app_list': get_all_pending_moderations(),
@ -150,6 +151,7 @@ def admin_pending(request):
# Purge objects from varnish, for the admin pages
@login_required
@user_passes_test(lambda u: u.is_superuser)
def admin_purge(request):
if request.method == 'POST':
url = request.POST['url']