From 9c0ac0dc0534f8288d7fd1138c79b7482767a482 Mon Sep 17 00:00:00 2001 From: Drew Larson Date: Sun, 26 Jun 2016 16:20:22 -0600 Subject: [PATCH] Lock down views. --- bikeshop_project/registration/views.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/bikeshop_project/registration/views.py b/bikeshop_project/registration/views.py index 0adc00c..e27bfb1 100644 --- a/bikeshop_project/registration/views.py +++ b/bikeshop_project/registration/views.py @@ -1,6 +1,7 @@ import json import logging +from django.contrib.auth.decorators import login_required from django.core.urlresolvers import reverse from django.http import HttpResponse, HttpResponseRedirect, JsonResponse from django.shortcuts import get_object_or_404 @@ -8,21 +9,20 @@ from django.template.response import TemplateResponse from django.utils import timezone from django.utils.decorators import method_decorator from django.views.decorators.csrf import csrf_exempt -from django.views.generic import View -from django.views.generic import TemplateView +from django.views.generic import TemplateView, View +from rest_framework.renderers import JSONRenderer +from rest_framework.serializers import ModelSerializer from core.models import Visit from haystack.query import SearchQuerySet -from rest_framework.serializers import ModelSerializer -from rest_framework.renderers import JSONRenderer - from .forms import MemberForm from .models import Member logger = logging.getLogger('bikeshop') +@method_decorator(login_required, name='dispatch') class MemberFormView(View): def get(self, request, member_id=None): try: @@ -105,9 +105,11 @@ class MemberSignIn(View): return JsonResponse(data=json.decode(), safe=False, status=200) + +@method_decorator(login_required, name='dispatch') class Members(TemplateView): template_name = 'members.html' def get(self, request): members = Member.objects.all() - return self.render_to_response(dict(members=members)) \ No newline at end of file + return self.render_to_response(dict(members=members))