anon should not see security management view stable
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Wed, 20 May 2009 11:54:54 +0200
branchstable
changeset 1877 10b9feeb7905
parent 1876 b06a797448aa
child 1878 204b79e3e0ec
anon should not see security management view
web/views/management.py
--- a/web/views/management.py	Wed May 20 09:41:55 2009 +0200
+++ b/web/views/management.py	Wed May 20 11:54:54 2009 +0200
@@ -10,7 +10,7 @@
 
 from logilab.mtconverter import html_escape
 
-from cubicweb.selectors import yes, none_rset, match_user_groups
+from cubicweb.selectors import yes, none_rset, match_user_groups, authenticated_user
 from cubicweb.view import AnyRsetView, StartupView, EntityView
 from cubicweb.common.uilib import html_traceback, rest_traceback
 from cubicweb.web import formwidgets
@@ -65,6 +65,8 @@
 class SecurityManagementView(EntityView, SecurityViewMixIn):
     """display security information for a given entity"""
     id = 'security'
+    __select__ = EntityView.__select__ & authenticated_user()
+
     title = _('security')
     def call(self):
         self.w(u'<div id="progress">%s</div>' % self.req._('validating...'))
@@ -181,7 +183,6 @@
         self.w(form.form_render(renderer=HTableFormRenderer(display_progress_div=False)))
 
 
-
 class ErrorView(AnyRsetView):
     """default view when no result has been found"""
     __select__ = yes()
@@ -271,6 +272,7 @@
     binfo += '\n'
     return binfo
 
+
 class ProcessInformationView(StartupView):
     id = 'info'
     __select__ = none_rset() & match_user_groups('managers')