Commit c65c72c3 authored by fred's avatar fred
Browse files

limit cms access to those with add_page permission

parent 5279f79f
......@@ -19,7 +19,7 @@ from nonstop.urls import urlpatterns as nonstop_urlpatterns
from combo.manager.urls import urlpatterns as combo_manager_urls
from urls_utils import decorated_includes
from urls_utils import decorated_includes, cms_permission_required
sqs = SearchQuerySet().models(Emission, Episode, NewsItem).facet('categories').facet('tags')
......@@ -46,7 +46,7 @@ urlpatterns = patterns('',
decorated_includes(login_required, include(newsletter_urlpatterns))),
decorated_includes(login_required, include(combo_manager_urls))),
decorated_includes(cms_permission_required, include(combo_manager_urls))),
url(r'^news/$', '', name='news-list'),
from django.contrib.auth.decorators import user_passes_test
from django.core.urlresolvers import RegexURLPattern, RegexURLResolver
class DecoratedURLPattern(RegexURLPattern):
......@@ -28,3 +29,16 @@ def decorated_includes(func, includes, *args, **kwargs):
return urlconf_module, app_name, namespace
def cms_permission_required(function=None, login_url=None):
def check_cms_permission(user):
if user and user.has_perm('combo.add_page'):
return True
if user and not user.is_anonymous():
raise PermissionDenied()
# As the last resort, show the login form
return False
actual_decorator = user_passes_test(check_cms_permission, login_url=login_url)
if function:
return actual_decorator(function)
return actual_decorator
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment