From 4351ee662070d4ff08d378fc0db572ec2b6b5ab7 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: May 26 2014 15:44:27 +0000
Subject: Add decorator allowing easy restriction of the endpoint to progit admins only


---

diff --git a/progit/admin.py b/progit/admin.py
index 1ff6a2c..39015c0 100644
--- a/progit/admin.py
+++ b/progit/admin.py
@@ -8,12 +8,29 @@
 
 """
 
+from functools import wraps
+
 import flask
 
-from progit import (APP, SESSION, LOG, cla_required,
+from progit import (APP, SESSION, LOG, cla_required, authenticated,
                     generate_gitolite_acls, generate_authorized_key_file)
 
 
+def admin_required(function):
+    """ Flask decorator to retrict access to admins of progit.
+    """
+    @wraps(function)
+    def decorated_function(*args, **kwargs):
+        """ Decorated function, actually does the work. """
+        if not authenticated():
+            return flask.redirect(
+                flask.url_for('auth_login', next=flask.request.url))
+        elif not is_admin():
+            flask.flash('Access restricted', 'error')
+            return flask.redirect(flask.url_for('.index'))
+        return function(*args, **kwargs)
+    return decorated_function
+
 
 ### Application