From b8e1809f947e564db007cb51467ea7e4c9c81215 Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@humbughq.com>
Date: Tue, 14 May 2013 10:41:15 -0400
Subject: [PATCH] Fix is_super_user_api for REST API.

(imported from commit 94ba18656ca3b0636da9d5ca7969872b31ae970b)
---
 zephyr/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zephyr/views.py b/zephyr/views.py
index cf282a6752..f3e953ab78 100644
--- a/zephyr/views.py
+++ b/zephyr/views.py
@@ -915,7 +915,7 @@ def json_update_onboarding_steps(request, user_profile,
 # Currently tabbott/extra@mit.edu is our only superuser.  TODO: Make
 # this a real superuser security check.
 def is_super_user_api(request):
-    return request.POST.get("api-key") in ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
+    return request.user.is_authenticated() and request.user.email == "tabbott/extra@mit.edu"
 
 def mit_to_mit(user_profile, email):
     # Are the sender and recipient both @mit.edu addresses?