Require a login if public and check for CSRF cookies for uploading images

author: Martin Green <martin.speleo@gmail.com> 2022-06-26 01:15:00 +0100
committer: Martin Green <martin.speleo@gmail.com> 2022-06-26 01:15:00 +0100
commit: 5fbe0b31c20b9b095e44c650127d6b3457a74f62 (patch)
tree: 500dd15ffb19f99360a5779a6d30c4b760676853 /core
parent: 24a016e76a310ab03b7923a005827ba63b96bd8a (diff)
download: troggle-5fbe0b31c20b9b095e44c650127d6b3457a74f62.tar.gz
troggle-5fbe0b31c20b9b095e44c650127d6b3457a74f62.tar.bz2
troggle-5fbe0b31c20b9b095e44c650127d6b3457a74f62.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/core/views/editor_helpers.py b/core/views/editor_helpers.py
index 960d6cf..319abb6 100644
--- a/core/views/editor_helpers.py
+++ b/core/views/editor_helpers.py
@@ -9,6 +9,9 @@ from pathlib import Path
 import django.forms as forms
 import troggle.settings as settings
 
+from django.views.decorators.csrf import ensure_csrf_cookie
+from .auth import login_required_if_public
+
 from troggle.lib import version_control
 
 MAX_IMAGE_WIDTH = 1000
@@ -36,6 +39,8 @@ def image_selector(request, path):
     
     return render(request, 'image_selector.html', {'thumbnails': thumbnails})
 
+@login_required_if_public
+@ensure_csrf_cookie
 def new_image_form(request, path):
     '''Manages a form to upload new images'''
     directory = path.rsplit('/', 1)[0]
author	Martin Green <martin.speleo@gmail.com>	2022-06-26 01:15:00 +0100
committer	Martin Green <martin.speleo@gmail.com>	2022-06-26 01:15:00 +0100
commit	5fbe0b31c20b9b095e44c650127d6b3457a74f62 (patch)
tree	500dd15ffb19f99360a5779a6d30c4b760676853 /core
parent	24a016e76a310ab03b7923a005827ba63b96bd8a (diff)
download	troggle-5fbe0b31c20b9b095e44c650127d6b3457a74f62.tar.gz troggle-5fbe0b31c20b9b095e44c650127d6b3457a74f62.tar.bz2 troggle-5fbe0b31c20b9b095e44c650127d6b3457a74f62.zip