Use @require_post for login_required_json_view.

(imported from commit e7efea5f016b1b44a0a3deba024e3df828006cfa)
This commit is contained in:
Tim Abbott 2012-10-30 14:37:28 -04:00
parent e7e05d8617
commit 9fa2f0d4f8
1 changed files with 2 additions and 9 deletions

View File

@ -51,9 +51,6 @@ def login_required_api_view(view_func):
@csrf_exempt @csrf_exempt
@require_post @require_post
def _wrapped_view_func(request, *args, **kwargs): def _wrapped_view_func(request, *args, **kwargs):
# Arguably @require_post should protect us from having to do
# this, but I don't want to count on us always getting the
# decorator ordering right.
try: try:
user_profile = UserProfile.objects.get(user__email=request.POST.get("email")) user_profile = UserProfile.objects.get(user__email=request.POST.get("email"))
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
@ -67,19 +64,15 @@ def login_required_api_view(view_func):
# in. If not, return an error (the @login_required behavior of # in. If not, return an error (the @login_required behavior of
# redirecting to a login page doesn't make sense for json views) # redirecting to a login page doesn't make sense for json views)
def login_required_json_view(view_func): def login_required_json_view(view_func):
@require_post
def _wrapped_view_func(request, *args, **kwargs): def _wrapped_view_func(request, *args, **kwargs):
# Arguably @require_post should protect us from having to do
# this, but I don't want to count on us always getting the
# decorator ordering right.
if request.method != "POST":
return HttpResponseBadRequest('This form can only be submitted by POST.')
if not request.user.is_authenticated(): if not request.user.is_authenticated():
return json_error("Not logged in") return json_error("Not logged in")
return view_func(request, *args, **kwargs) return view_func(request, *args, **kwargs)
return _wrapped_view_func return _wrapped_view_func
def json_response(res_type="success", msg="", data={}, status=200): def json_response(res_type="success", msg="", data={}, status=200):
content = {"result":res_type, "msg":msg} content = {"result": res_type, "msg": msg}
content.update(data) content.update(data)
return HttpResponse(content=simplejson.dumps(content), return HttpResponse(content=simplejson.dumps(content),
mimetype='application/json', status=status) mimetype='application/json', status=status)