Fix is_super_user_api for REST API.

(imported from commit 94ba18656ca3b0636da9d5ca7969872b31ae970b)
This commit is contained in:
Tim Abbott 2013-05-14 10:41:15 -04:00
parent 6664ac8014
commit b8e1809f94
1 changed files with 1 additions and 1 deletions

View File

@ -915,7 +915,7 @@ def json_update_onboarding_steps(request, user_profile,
# Currently tabbott/extra@mit.edu is our only superuser. TODO: Make # Currently tabbott/extra@mit.edu is our only superuser. TODO: Make
# this a real superuser security check. # this a real superuser security check.
def is_super_user_api(request): def is_super_user_api(request):
return request.POST.get("api-key") in ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] return request.user.is_authenticated() and request.user.email == "tabbott/extra@mit.edu"
def mit_to_mit(user_profile, email): def mit_to_mit(user_profile, email):
# Are the sender and recipient both @mit.edu addresses? # Are the sender and recipient both @mit.edu addresses?