Restrict user list page to moderators only

author: rubenwardy <rw@rubenwardy.com> 2018-05-13 16:56:18 +0100
committer: rubenwardy <rw@rubenwardy.com> 2018-05-13 16:56:18 +0100
commit: f3c433de06e19ae9a6e1706b4746d46e6a33d70c (patch)
tree: a44f252f38f91105a61ffb322a4ff7f2000c8213 /app
parent: 167a9f14cdce9c01a0097e86a46e45438ed88628 (diff)
download: cheatdb-f3c433de06e19ae9a6e1706b4746d46e6a33d70c.tar.xz
2 files changed, 4 insertions, 1 deletions
diff --git a/app/templates/admin/list.html b/app/templates/admin/list.html
index af845a9..1c0301e 100644
--- a/app/templates/admin/list.html
+++ b/app/templates/admin/list.html
@@ -6,6 +6,7 @@
 
 {% block content %}
 	<ul>
-		<a href="{{ url_for('switch_user_page') }}">Sign in as another user</a>
+		<li><a href="{{ url_for('user_list_page') }}">User list</a></li>
+		<li><a href="{{ url_for('switch_user_page') }}">Sign in as another user</a></li>
 	</ul>
 {% endblock %}
diff --git a/app/views/users.py b/app/views/users.py
index 3ac37c2..995f09c 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -8,6 +8,7 @@ from flask_wtf import FlaskForm
 from flask_user.forms import RegisterForm
 from wtforms import *
 from wtforms.validators import *
+from .utils import rank_required
 
 class MyRegisterForm(RegisterForm):
 	display_name = StringField("Display name")
@@ -19,6 +20,7 @@ class UserProfileForm(FlaskForm):
 	submit = SubmitField("Save")
 
 @app.route("/users/", methods=["GET"])
+@rank_required(UserRank.MODERATOR)
 def user_list_page():
 	users = User.query.all()
 	return render_template("users/list.html", users=users)
author	rubenwardy <rw@rubenwardy.com>	2018-05-13 16:56:18 +0100
committer	rubenwardy <rw@rubenwardy.com>	2018-05-13 16:56:18 +0100
commit	f3c433de06e19ae9a6e1706b4746d46e6a33d70c (patch)
tree	a44f252f38f91105a61ffb322a4ff7f2000c8213 /app
parent	167a9f14cdce9c01a0097e86a46e45438ed88628 (diff)
download	cheatdb-f3c433de06e19ae9a6e1706b4746d46e6a33d70c.tar.xz