From a69e37544c525a0a8e7ef9136665ea150685a675 Mon Sep 17 00:00:00 2001
From: tr4ck3ur <tr4ck3ur@style-python.fr>
Date: Sat, 18 Jul 2015 00:46:48 +0200
Subject: [PATCH] Everyone can forget something mandatory :/ Let's fix it

---
 jm2l/views.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/jm2l/views.py b/jm2l/views.py
index f1e8dec..0e443ab 100644
--- a/jm2l/views.py
+++ b/jm2l/views.py
@@ -745,6 +745,11 @@ def vote_logo(request):
 
 @view_config(route_name='list_users', renderer="jm2l:templates/Participant/list.mako")
 def list_users(request):
+    if request.user is None:
+        # Don't answer to users that aren't logged
+        raise HTTPForbidden(u'Vous devez vous identifier pour obtenir une réponse.')
+    if not request.user.Staff:
+        raise HTTPForbidden(u'Vous n\'avez pas l\'autorité suffisante pour effectuer cette action.')
     Data = DBSession.query(User, Sejour).outerjoin(Sejour).all()
     Repas = DBSession.query(Sejour.repas).all()
     DicRepas = {"Ven":0, "Midi":0, "Soir":0}