From 5582cd3473bbdbb6740fffb5942a38680ce69f85 Mon Sep 17 00:00:00 2001
From: Guillaume <GCodeur@users.noreply.github.com>
Date: Wed, 8 Feb 2017 20:42:01 +0100
Subject: [PATCH] Utilise permission_required pour la gestion des droits
 (#4182)

---
 zds/member/views.py | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/zds/member/views.py b/zds/member/views.py
index 658455e788..b1a905d9e2 100644
--- a/zds/member/views.py
+++ b/zds/member/views.py
@@ -8,7 +8,7 @@
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import authenticate, login, logout
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.contrib.auth.models import User, Group
 from django.template.context_processors import csrf
 from django.core.exceptions import PermissionDenied
@@ -431,13 +431,11 @@ def unregister(request):
 @require_POST
 @can_write_and_read_now
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 @transaction.atomic
 def modify_profile(request, user_pk):
     """Modifies sanction of a user if there is a POST request."""
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     profile = get_object_or_404(Profile, user__pk=user_pk)
     if profile.is_private():
         raise PermissionDenied
@@ -584,12 +582,10 @@ def articles(request):
 
 @can_write_and_read_now
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 def settings_mini_profile(request, user_name):
     """Minimal settings of users for staff."""
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     # extra information about the current user
     profile = get_object_or_404(Profile, user__username=user_name)
     if request.method == 'POST':
@@ -976,12 +972,10 @@ def settings_promote(request, user_pk):
 
 
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 def member_from_ip(request, ip_address):
     """ Get list of user connected from a particular ip """
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     members = Profile.objects.filter(last_ip_address=ip_address).order_by('-last_visit')
     return render(request, 'member/settings/memberip.html', {
         'members': members,
@@ -990,13 +984,11 @@ def member_from_ip(request, ip_address):
 
 
 @login_required
+@permission_required('member.change_profile', raise_exception=True)
 @require_POST
 def modify_karma(request):
     """ Add a Karma note to the user profile """
 
-    if not request.user.has_perm('member.change_profile'):
-        raise PermissionDenied
-
     try:
         profile_pk = int(request.POST['profile_pk'])
     except (KeyError, ValueError):