Utilise permission_required pour la gestion des droits (#4182)

zestedesavoir · Feb 8, 2017 · 5582cd3 · 5582cd3
1 parent 2ee7534
commit 5582cd3
Showing 1 changed file with 5 additions and 13 deletions.
diff --git a/zds/member/views.py b/zds/member/views.py
@@ -8,7 +8,7 @@
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import authenticate, login, logout
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.contrib.auth.models import User, Group
 from django.template.context_processors import csrf
 from django.core.exceptions import PermissionDenied
@@ -431,13 +431,11 @@ def unregister(request):
 @require_POST
 @can_write_and_read_now
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 @transaction.atomic
 def modify_profile(request, user_pk):
     """Modifies sanction of a user if there is a POST request."""
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     profile = get_object_or_404(Profile, user__pk=user_pk)
     if profile.is_private():
         raise PermissionDenied
@@ -584,12 +582,10 @@ def articles(request):
 
 @can_write_and_read_now
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 def settings_mini_profile(request, user_name):
     """Minimal settings of users for staff."""
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     # extra information about the current user
     profile = get_object_or_404(Profile, user__username=user_name)
     if request.method == 'POST':
@@ -976,12 +972,10 @@ def settings_promote(request, user_pk):
 
 
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 def member_from_ip(request, ip_address):
     """ Get list of user connected from a particular ip """
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     members = Profile.objects.filter(last_ip_address=ip_address).order_by('-last_visit')
     return render(request, 'member/settings/memberip.html', {
         'members': members,
@@ -990,13 +984,11 @@ def member_from_ip(request, ip_address):
 
 
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 @require_POST
 def modify_karma(request):
     """ Add a Karma note to the user profile """
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     try:
         profile_pk = int(request.POST['profile_pk'])
     except (KeyError, ValueError):