From 6a11b8446354c927a27b2d81ed5022fb78fd3eaf Mon Sep 17 00:00:00 2001
From: Ismael Carnales <icarnales@gmail.com>
Date: Tue, 10 Nov 2009 18:32:47 -0200
Subject: added login_required to protect todolists views

---
 todolists/views.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/todolists/views.py b/todolists/views.py
index 8d99bdb..10d36e1 100644
--- a/todolists/views.py
+++ b/todolists/views.py
@@ -4,7 +4,7 @@ from django.http import HttpResponseRedirect
 from django.template import RequestContext
 from django.core.mail import send_mail
 from django.shortcuts import get_object_or_404, render_to_response
-from django.contrib.auth.decorators import permission_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.views.generic.create_update import delete_object
 from django.template import Context, loader
 from archweb.main.models import Todolist, TodolistPkg, Package
@@ -27,6 +27,7 @@ class TodoListForm(forms.Form):
         return packages
 
 
+@login_required
 def flag(request, listid, pkgid):
     list = get_object_or_404(Todolist, id=listid)
     pkg  = get_object_or_404(TodolistPkg, id=pkgid)
@@ -34,11 +35,13 @@ def flag(request, listid, pkgid):
     pkg.save()
     return HttpResponseRedirect('/todo/%s/' % (listid))
 
+@login_required
 def view(request, listid):
     list = get_object_or_404(Todolist, id=listid)
     return render_to_response('todolists/view.html', 
         RequestContext(request, {'list':list}))
 
+@login_required
 def list(request):
     lists = Todolist.objects.order_by('-date_added')
     for l in lists:
-- 
cgit v1.2.3-24-g4f1b