Browse Source

Everyone can forget something mandatory :/
Let's fix it

tr4ck3ur 2 years ago
parent
commit
a69e37544c
1 changed files with 5 additions and 0 deletions
  1. 5 0
      jm2l/views.py

+ 5 - 0
jm2l/views.py

@@ -745,6 +745,11 @@ def vote_logo(request):
745 745
 
746 746
 @view_config(route_name='list_users', renderer="jm2l:templates/Participant/list.mako")
747 747
 def list_users(request):
748
+    if request.user is None:
749
+        # Don't answer to users that aren't logged
750
+        raise HTTPForbidden(u'Vous devez vous identifier pour obtenir une réponse.')
751
+    if not request.user.Staff:
752
+        raise HTTPForbidden(u'Vous n\'avez pas l\'autorité suffisante pour effectuer cette action.')
748 753
     Data = DBSession.query(User, Sejour).outerjoin(Sejour).all()
749 754
     Repas = DBSession.query(Sejour.repas).all()
750 755
     DicRepas = {"Ven":0, "Midi":0, "Soir":0}