From 9021c42ded916b5d7d3c5fd63128ee805adb7474 Mon Sep 17 00:00:00 2001
From: okalintu
Date: Thu, 25 Aug 2016 21:51:30 +0300
Subject: [PATCH] restricted accessrights to membersapi
---
 members/views.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/members/views.py b/members/views.py
index 8f0a1b4..637b91f 100644
--- a/members/views.py
+++ b/members/views.py
@@ -1,5 +1,6 @@
 from django.shortcuts import render, get_object_or_404
 from django.contrib.auth.decorators import permission_required
+from django.views.decorators.http import require_http_methods
 from django.views.decorators.csrf import ensure_csrf_cookie
 from django.http import HttpResponse, HttpResponseBadRequest
 from django.core.exceptions import ValidationError
@@ -7,16 +8,21 @@ from members.models import Member, MemberRequest
 import json
 @ensure_csrf_cookie
+@require_http_methods(["GET"])
 @permission_required('members.change_member', login_url='/login')
 def index(request, *args, **kwargs):
 return render(request, 'members_index.html',{})
 @ensure_csrf_cookie
+@require_http_methods(["GET"])
+@permission_required('members.change_member', login_url='/login')
 def members(request, *args, **kwargs):
 mems = list(map(lambda m: m.get_dict(),Member.objects.all()))
 return HttpResponse(json.dumps(mems))
 @ensure_csrf_cookie
+@require_http_methods(["GET", "POST", "DELETE","PUT"])
+@permission_required('members.change_member', login_url='/login')
 def member(request,*args, **kwargs): # get, put and delete together since all operate on existing objects
@@ -60,6 +66,8 @@ def member(request,*args, **kwargs):
 return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
 @ensure_csrf_cookie
+@require_http_methods(["POST"])
+@permission_required('members.change_member', login_url='/login')
 def csv_import(request, *args, **kwargs):
 data = request.body.decode("utf-8")
 resp_data = Member.import_csv(data)
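Review bot: The `@permission_required('members.change_member', login_url='/login')` lines added to `members` and `member` (and to `csv_import`, `member_requests` and `handle_mem_request` in the later hunks) answer a failed check with a redirect to `/login`, which suits the HTML `index` page but not views that return JSON. A script client that follows the redirect receives the login page with status 200 and cannot tell a denial from data, and a signed-in user who lacks the permission is sent to the login form rather than refused. For the JSON views, passing `raise_exception=True`, as in `@permission_required('members.change_member', raise_exception=True)`, turns the denial into an explicit 403. The body of `member` continues outside this hunk.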
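Review bot: In `csv_import`, `@ensure_csrf_cookie` only makes Django set the token cookie; it does not verify the token on the POST that this hunk now ties to the caller's session. Whether the import is protected against cross-site requests therefore depends on `CsrfViewMiddleware` being enabled in settings, which this patch does not show. Adding `@csrf_protect` from `django.views.decorators.csrf` to the view would make the check explicit and independent of the middleware list. The same applies to the POST, PUT and DELETE handling in `member` and `handle_mem_request`; the rest of `csv_import` lies outside this hunk.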
@@ -69,6 +77,8 @@ def csv_import(request, *args, **kwargs):
 return resp
 @ensure_csrf_cookie
+@require_http_methods(["GET"])
+@permission_required('members.change_member', login_url='/login')
 def member_requests(request, *args, **kwargs):
 reqs = list(map(lambda r: r.get_dict(),MemberRequest.objects.all()))
 return HttpResponse(json.dumps(reqs))
@@ -85,6 +95,8 @@ def new_member_request(request, *args, **kwargs):
 return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
 @ensure_csrf_cookie
+@require_http_methods(["GET", "POST", "DELETE"])
+@permission_required('members.change_member', login_url='/login')
 def handle_mem_request(request, idx, *args, **kwargs):
 try:
 req = MemberRequest.objects.get(pk=idx)
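Review bot: `member_requests` returns `HttpResponse(json.dumps(reqs))` without a content type, so the body is served with Django's default, which is `text/html` unless settings change it. The request records presumably originate from the `new_member_request` view, which this patch leaves undecorated, so field values containing markup would be interpreted by a browser that loads this URL directly in a permitted user's session. Declaring the type, `return HttpResponse(json.dumps(reqs), content_type='application/json')`, removes that risk. `members` in the earlier hunk has the same return and should get the same treatment.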
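Review bot: `handle_mem_request` is gated on `members.change_member` although it loads `MemberRequest` objects and accepts DELETE, so one permission on the Member model now covers reading, modifying and deleting records of a different model. Django creates add, change and delete permissions per model by default, so a narrower gate would be something like `members.change_memberrequest`, with the DELETE branch checking `request.user.has_perm('members.delete_memberrequest')`; those codenames are inferred from the model name and should be confirmed against the app. The hunk heading also shows `new_member_request` receiving neither decorator; if it is meant to stay public, a comment above it such as `# public: anyone may submit a membership request` would record that the omission is deliberate. The body of `handle_mem_request` continues outside the hunk.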