diff --git a/wagtail/wagtailadmin/views/account.py b/wagtail/wagtailadmin/views/account.py index f2e7e5a6c..d2601d6fd 100644 --- a/wagtail/wagtailadmin/views/account.py +++ b/wagtail/wagtailadmin/views/account.py @@ -2,7 +2,6 @@ from django.conf import settings from django.shortcuts import render, redirect from django.contrib import messages from django.contrib.auth.forms import SetPasswordForm -from django.contrib.auth.decorators import permission_required from django.contrib.auth.views import logout as auth_logout, login as auth_login from django.utils.translation import ugettext as _ from django.views.decorators.debug import sensitive_post_parameters @@ -14,7 +13,6 @@ from wagtail.wagtailusers.models import UserProfile from wagtail.wagtailcore.models import UserPagePermissionsProxy -@permission_required('wagtailadmin.access_admin') def account(request): user_perms = UserPagePermissionsProxy(request.user) show_notification_preferences = user_perms.can_edit_pages() or user_perms.can_publish_pages() @@ -25,7 +23,6 @@ def account(request): }) -@permission_required('wagtailadmin.access_admin') def change_password(request): can_change_password = request.user.has_usable_password() @@ -49,7 +46,6 @@ def change_password(request): }) -@permission_required('wagtailadmin.access_admin') def notification_preferences(request): if request.POST: diff --git a/wagtail/wagtailadmin/views/chooser.py b/wagtail/wagtailadmin/views/chooser.py index 1a2c9a109..8f171f141 100644 --- a/wagtail/wagtailadmin/views/chooser.py +++ b/wagtail/wagtailadmin/views/chooser.py @@ -2,7 +2,6 @@ from django.contrib.contenttypes.models import ContentType from django.shortcuts import get_object_or_404, render from django.http import Http404 from django.utils.http import urlencode -from django.contrib.auth.decorators import permission_required from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger from wagtail.wagtailadmin.modal_workflow import render_modal_workflow @@ -20,7 +19,6 @@ def get_querystring(request): }) -@permission_required('wagtailadmin.access_admin') def browse(request, parent_page_id=None): page_type = request.GET.get('page_type') or 'wagtailcore.page' content_type_app_name, content_type_model_name = page_type.split('.') @@ -89,7 +87,6 @@ def browse(request, parent_page_id=None): }) -@permission_required('wagtailadmin.access_admin') def external_link(request): prompt_for_link_text = bool(request.GET.get('prompt_for_link_text')) @@ -123,7 +120,6 @@ def external_link(request): ) -@permission_required('wagtailadmin.access_admin') def email_link(request): prompt_for_link_text = bool(request.GET.get('prompt_for_link_text')) diff --git a/wagtail/wagtailadmin/views/home.py b/wagtail/wagtailadmin/views/home.py index e68ed0cbf..0c83d0f77 100644 --- a/wagtail/wagtailadmin/views/home.py +++ b/wagtail/wagtailadmin/views/home.py @@ -1,5 +1,4 @@ from django.shortcuts import render -from django.contrib.auth.decorators import permission_required from django.conf import settings from django.template import RequestContext from django.template.loader import render_to_string @@ -66,7 +65,6 @@ class RecentEditsPanel(object): }, RequestContext(self.request)) -@permission_required('wagtailadmin.access_admin') def home(request): panels = [ diff --git a/wagtail/wagtailadmin/views/page_privacy.py b/wagtail/wagtailadmin/views/page_privacy.py index 4cb7435c7..eb1092ef0 100644 --- a/wagtail/wagtailadmin/views/page_privacy.py +++ b/wagtail/wagtailadmin/views/page_privacy.py @@ -1,12 +1,11 @@ from django.core.exceptions import PermissionDenied -from django.contrib.auth.decorators import permission_required from django.shortcuts import get_object_or_404 from wagtail.wagtailcore.models import Page, PageViewRestriction from wagtail.wagtailadmin.forms import PageViewRestrictionForm from wagtail.wagtailadmin.modal_workflow import render_modal_workflow -@permission_required('wagtailadmin.access_admin') + def set_privacy(request, page_id): page = get_object_or_404(Page, id=page_id) page_perms = page.permissions_for_user(request.user) diff --git a/wagtail/wagtailadmin/views/pages.py b/wagtail/wagtailadmin/views/pages.py index 65c710e05..d48f15da6 100644 --- a/wagtail/wagtailadmin/views/pages.py +++ b/wagtail/wagtailadmin/views/pages.py @@ -4,7 +4,6 @@ from django.http import Http404, HttpResponse from django.shortcuts import render, redirect, get_object_or_404 from django.core.exceptions import ValidationError, PermissionDenied from django.contrib.contenttypes.models import ContentType -from django.contrib.auth.decorators import permission_required from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger from django.core.urlresolvers import reverse from django.utils import timezone @@ -23,14 +22,13 @@ from wagtail.wagtailcore.models import Page, PageRevision, get_navigation_menu_i from wagtail.wagtailadmin import messages -@permission_required('wagtailadmin.access_admin') + def explorer_nav(request): return render(request, 'wagtailadmin/shared/explorer_nav.html', { 'nodes': get_navigation_menu_items(), }) -@permission_required('wagtailadmin.access_admin') def index(request, parent_page_id=None): if parent_page_id: parent_page = get_object_or_404(Page, id=parent_page_id) @@ -67,7 +65,6 @@ def index(request, parent_page_id=None): }) -@permission_required('wagtailadmin.access_admin') def add_subpage(request, parent_page_id): parent_page = get_object_or_404(Page, id=parent_page_id).specific if not parent_page.permissions_for_user(request.user).can_add_subpage(): @@ -89,7 +86,6 @@ def add_subpage(request, parent_page_id): }) -@permission_required('wagtailadmin.access_admin') def content_type_use(request, content_type_app_name, content_type_model_name): try: content_type = ContentType.objects.get_by_natural_key(content_type_app_name, content_type_model_name) @@ -123,7 +119,6 @@ def content_type_use(request, content_type_app_name, content_type_model_name): }) -@permission_required('wagtailadmin.access_admin') def create(request, content_type_app_name, content_type_model_name, parent_page_id): parent_page = get_object_or_404(Page, id=parent_page_id).specific parent_page_perms = parent_page.permissions_for_user(request.user) @@ -249,7 +244,6 @@ def create(request, content_type_app_name, content_type_model_name, parent_page_ }) -@permission_required('wagtailadmin.access_admin') def edit(request, page_id): latest_revision = get_object_or_404(Page, id=page_id).get_latest_revision() page = get_object_or_404(Page, id=page_id).get_latest_revision_as_page() @@ -383,7 +377,6 @@ def edit(request, page_id): }) -@permission_required('wagtailadmin.access_admin') def delete(request, page_id): page = get_object_or_404(Page, id=page_id).specific if not page.permissions_for_user(request.user).can_delete(): @@ -408,13 +401,11 @@ def delete(request, page_id): }) -@permission_required('wagtailadmin.access_admin') def view_draft(request, page_id): page = get_object_or_404(Page, id=page_id).get_latest_revision_as_page() return page.serve_preview(page.dummy_request(), page.default_preview_mode) -@permission_required('wagtailadmin.access_admin') def preview_on_edit(request, page_id): # Receive the form submission that would typically be posted to the 'edit' view. If submission is valid, # return the rendered page; if not, re-render the edit form @@ -444,7 +435,6 @@ def preview_on_edit(request, page_id): return response -@permission_required('wagtailadmin.access_admin') def preview_on_create(request, content_type_app_name, content_type_model_name, parent_page_id): # Receive the form submission that would typically be posted to the 'create' view. If submission is valid, # return the rendered page; if not, re-render the edit form @@ -520,7 +510,7 @@ def preview_loading(request): """ return HttpResponse("") -@permission_required('wagtailadmin.access_admin') + def unpublish(request, page_id): page = get_object_or_404(Page, id=page_id).specific if not page.permissions_for_user(request.user).can_unpublish(): @@ -538,7 +528,6 @@ def unpublish(request, page_id): }) -@permission_required('wagtailadmin.access_admin') def move_choose_destination(request, page_to_move_id, viewed_page_id=None): page_to_move = get_object_or_404(Page, id=page_to_move_id) page_perms = page_to_move.permissions_for_user(request.user) @@ -568,7 +557,6 @@ def move_choose_destination(request, page_to_move_id, viewed_page_id=None): }) -@permission_required('wagtailadmin.access_admin') def move_confirm(request, page_to_move_id, destination_id): page_to_move = get_object_or_404(Page, id=page_to_move_id).specific destination = get_object_or_404(Page, id=destination_id) @@ -590,7 +578,6 @@ def move_confirm(request, page_to_move_id, destination_id): }) -@permission_required('wagtailadmin.access_admin') def set_page_position(request, page_to_move_id): page_to_move = get_object_or_404(Page, id=page_to_move_id) parent_page = page_to_move.get_parent() @@ -630,7 +617,6 @@ def set_page_position(request, page_to_move_id): return HttpResponse('') -@permission_required('wagtailadmin.access_admin') def copy(request, page_id): page = Page.objects.get(id=page_id) @@ -703,7 +689,6 @@ def get_page_edit_handler(page_class): return PAGE_EDIT_HANDLERS[page_class] -@permission_required('wagtailadmin.access_admin') @vary_on_headers('X-Requested-With') def search(request): pages = [] @@ -745,7 +730,6 @@ def search(request): }) -@permission_required('wagtailadmin.access_admin') def approve_moderation(request, revision_id): revision = get_object_or_404(PageRevision, id=revision_id) if not revision.page.permissions_for_user(request.user).can_publish(): @@ -763,7 +747,6 @@ def approve_moderation(request, revision_id): return redirect('wagtailadmin_home') -@permission_required('wagtailadmin.access_admin') def reject_moderation(request, revision_id): revision = get_object_or_404(PageRevision, id=revision_id) if not revision.page.permissions_for_user(request.user).can_publish(): @@ -781,7 +764,6 @@ def reject_moderation(request, revision_id): return redirect('wagtailadmin_home') -@permission_required('wagtailadmin.access_admin') @require_GET def preview_for_moderation(request, revision_id): revision = get_object_or_404(PageRevision, id=revision_id) @@ -801,7 +783,6 @@ def preview_for_moderation(request, revision_id): return page.serve_preview(request, page.default_preview_mode) -@permission_required('wagtailadmin.access_admin') @require_POST def lock(request, page_id): # Get the page @@ -826,7 +807,6 @@ def lock(request, page_id): return redirect('wagtailadmin_explore', page.get_parent().id) -@permission_required('wagtailadmin.access_admin') @require_POST def unlock(request, page_id): # Get the page diff --git a/wagtail/wagtailadmin/views/tags.py b/wagtail/wagtailadmin/views/tags.py index bef3043ae..175e9ebc2 100644 --- a/wagtail/wagtailadmin/views/tags.py +++ b/wagtail/wagtailadmin/views/tags.py @@ -3,10 +3,8 @@ import json from taggit.models import Tag from django.http import HttpResponse -from django.contrib.auth.decorators import permission_required -@permission_required('wagtailadmin.access_admin') def autocomplete(request): term = request.GET.get('term', None) if term: diff --git a/wagtail/wagtailadmin/views/userbar.py b/wagtail/wagtailadmin/views/userbar.py index c41b5aed1..6267f3ab2 100644 --- a/wagtail/wagtailadmin/views/userbar.py +++ b/wagtail/wagtailadmin/views/userbar.py @@ -1,12 +1,10 @@ from django.shortcuts import render -from django.contrib.auth.decorators import permission_required from wagtail.wagtailadmin.userbar import EditPageItem, AddPageItem, ApproveModerationEditPageItem, RejectModerationEditPageItem from wagtail.wagtailcore import hooks from wagtail.wagtailcore.models import Page, PageRevision -@permission_required('wagtailadmin.access_admin', raise_exception=True) def for_frontend(request, page_id): items = [ EditPageItem(Page.objects.get(id=page_id)), @@ -28,7 +26,6 @@ def for_frontend(request, page_id): }) -@permission_required('wagtailadmin.access_admin', raise_exception=True) def for_moderation(request, revision_id): items = [ EditPageItem(PageRevision.objects.get(id=revision_id).page), diff --git a/wagtail/wagtaildocs/views/chooser.py b/wagtail/wagtaildocs/views/chooser.py index bf081715d..3da048c87 100644 --- a/wagtail/wagtaildocs/views/chooser.py +++ b/wagtail/wagtaildocs/views/chooser.py @@ -12,7 +12,6 @@ from wagtail.wagtaildocs.models import Document from wagtail.wagtaildocs.forms import DocumentForm -@permission_required('wagtailadmin.access_admin') def chooser(request): if request.user.has_perm('wagtaildocs.add_document'): uploadform = DocumentForm() @@ -77,7 +76,6 @@ def chooser(request): }) -@permission_required('wagtailadmin.access_admin') def document_chosen(request, document_id): document = get_object_or_404(Document, id=document_id) diff --git a/wagtail/wagtaildocs/views/documents.py b/wagtail/wagtaildocs/views/documents.py index 127e14839..4e4fbbb7b 100644 --- a/wagtail/wagtaildocs/views/documents.py +++ b/wagtail/wagtaildocs/views/documents.py @@ -103,7 +103,6 @@ def add(request): }) -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def edit(request, document_id): doc = get_object_or_404(Document, id=document_id) @@ -140,7 +139,6 @@ def edit(request, document_id): }) -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def delete(request, document_id): doc = get_object_or_404(Document, id=document_id) @@ -157,7 +155,6 @@ def delete(request, document_id): }) -@permission_required('wagtailadmin.access_admin') def usage(request, document_id): doc = get_object_or_404(Document, id=document_id) diff --git a/wagtail/wagtailforms/views.py b/wagtail/wagtailforms/views.py index f0dce9010..c9bf652f2 100644 --- a/wagtail/wagtailforms/views.py +++ b/wagtail/wagtailforms/views.py @@ -11,14 +11,12 @@ from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger from django.core.exceptions import PermissionDenied from django.http import HttpResponse from django.shortcuts import get_object_or_404, render -from django.contrib.auth.decorators import permission_required from wagtail.wagtailcore.models import Page from wagtail.wagtailforms.models import FormSubmission, get_forms_for_user from wagtail.wagtailforms.forms import SelectDateForm -@permission_required('wagtailadmin.access_admin') def index(request): p = request.GET.get("p", 1) @@ -38,7 +36,6 @@ def index(request): }) -@permission_required('wagtailadmin.access_admin') def list_submissions(request, page_id): form_page = get_object_or_404(Page, id=page_id).specific diff --git a/wagtail/wagtailimages/views/chooser.py b/wagtail/wagtailimages/views/chooser.py index 02b1722ec..00569bc35 100644 --- a/wagtail/wagtailimages/views/chooser.py +++ b/wagtail/wagtailimages/views/chooser.py @@ -32,7 +32,6 @@ def get_image_json(image): }) -@permission_required('wagtailadmin.access_admin') def chooser(request): Image = get_image_model() @@ -100,7 +99,6 @@ def chooser(request): }) -@permission_required('wagtailadmin.access_admin') def image_chosen(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) @@ -151,7 +149,6 @@ def chooser_upload(request): ) -@permission_required('wagtailadmin.access_admin') def chooser_select_format(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) diff --git a/wagtail/wagtailimages/views/images.py b/wagtail/wagtailimages/views/images.py index ae405a81e..91d84745a 100644 --- a/wagtail/wagtailimages/views/images.py +++ b/wagtail/wagtailimages/views/images.py @@ -78,7 +78,6 @@ def index(request): }) -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def edit(request, image_id): Image = get_image_model() ImageForm = get_image_form(Image) @@ -127,7 +126,6 @@ def edit(request, image_id): }) -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def url_generator(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) @@ -150,7 +148,6 @@ def json_response(document, status=200): return HttpResponse(json.dumps(document), content_type='application/json', status=status) -@permission_required('wagtailadmin.access_admin') def generate_url(request, image_id, filter_spec): # Get the image Image = get_image_model() @@ -191,7 +188,6 @@ def generate_url(request, image_id, filter_spec): return json_response({'url': site_root_url + url, 'preview_url': preview_url}, status=200) -@permission_required('wagtailadmin.access_admin') def preview(request, image_id, filter_spec): image = get_object_or_404(get_image_model(), id=image_id) @@ -201,7 +197,6 @@ def preview(request, image_id, filter_spec): return HttpResponse("Invalid filter spec: " + filter_spec, content_type='text/plain', status=400) -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def delete(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) @@ -248,7 +243,6 @@ def add(request): }) -@permission_required('wagtailadmin.access_admin') def usage(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) diff --git a/wagtail/wagtailimages/views/multiple.py b/wagtail/wagtailimages/views/multiple.py index c78a3393f..278354a17 100644 --- a/wagtail/wagtailimages/views/multiple.py +++ b/wagtail/wagtailimages/views/multiple.py @@ -101,7 +101,6 @@ def add(request): @require_POST -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def edit(request, image_id, callback=None): Image = get_image_model() ImageForm = get_image_edit_form(Image) @@ -139,7 +138,6 @@ def edit(request, image_id, callback=None): @require_POST -@permission_required('wagtailadmin.access_admin') # more specific permission tests are applied within the view def delete(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) diff --git a/wagtail/wagtailsearch/views/editorspicks.py b/wagtail/wagtailsearch/views/editorspicks.py index fd904a7e2..aeab32e4e 100644 --- a/wagtail/wagtailsearch/views/editorspicks.py +++ b/wagtail/wagtailsearch/views/editorspicks.py @@ -1,5 +1,4 @@ from django.shortcuts import render, redirect, get_object_or_404 -from django.contrib.auth.decorators import permission_required from django.core.urlresolvers import reverse from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger @@ -11,7 +10,6 @@ from wagtail.wagtailadmin.forms import SearchForm from wagtail.wagtailadmin import messages -@permission_required('wagtailadmin.access_admin') @vary_on_headers('X-Requested-With') def index(request): is_searching = False @@ -70,7 +68,6 @@ def save_editorspicks(query, new_query, editors_pick_formset): return False -@permission_required('wagtailadmin.access_admin') def add(request): if request.POST: # Get query @@ -102,7 +99,6 @@ def add(request): }) -@permission_required('wagtailadmin.access_admin') def edit(request, query_id): query = get_object_or_404(models.Query, id=query_id) @@ -138,7 +134,6 @@ def edit(request, query_id): }) -@permission_required('wagtailadmin.access_admin') def delete(request, query_id): query = get_object_or_404(models.Query, id=query_id) diff --git a/wagtail/wagtailsearch/views/queries.py b/wagtail/wagtailsearch/views/queries.py index a6eb2c0b2..0baee0ae4 100644 --- a/wagtail/wagtailsearch/views/queries.py +++ b/wagtail/wagtailsearch/views/queries.py @@ -1,6 +1,5 @@ from django.shortcuts import render from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger -from django.contrib.auth.decorators import permission_required from wagtail.wagtailadmin.modal_workflow import render_modal_workflow from wagtail.wagtailadmin.forms import SearchForm @@ -9,7 +8,6 @@ from wagtail.wagtailsearch import models from wagtail.wagtailsearch.utils import normalise_query_string -@permission_required('wagtailadmin.access_admin') def chooser(request, get_results=False): # Get most popular queries queries = models.Query.get_most_popular() diff --git a/wagtail/wagtailsnippets/views/chooser.py b/wagtail/wagtailsnippets/views/chooser.py index 478c66a60..fdbcb6f4a 100644 --- a/wagtail/wagtailsnippets/views/chooser.py +++ b/wagtail/wagtailsnippets/views/chooser.py @@ -3,14 +3,12 @@ import json from six import text_type from django.shortcuts import get_object_or_404 -from django.contrib.auth.decorators import permission_required from wagtail.wagtailadmin.modal_workflow import render_modal_workflow from wagtail.wagtailsnippets.views.snippets import get_content_type_from_url_params, get_snippet_type_name -@permission_required('wagtailadmin.access_admin') def choose(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() @@ -29,7 +27,6 @@ def choose(request, content_type_app_name, content_type_model_name): ) -@permission_required('wagtailadmin.access_admin') def chosen(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() diff --git a/wagtail/wagtailsnippets/views/snippets.py b/wagtail/wagtailsnippets/views/snippets.py index 2255a6c4b..565e1f40f 100644 --- a/wagtail/wagtailsnippets/views/snippets.py +++ b/wagtail/wagtailsnippets/views/snippets.py @@ -3,7 +3,6 @@ from django.shortcuts import get_object_or_404, render, redirect from django.utils.encoding import force_text from django.utils.text import capfirst from django.contrib.contenttypes.models import ContentType -from django.contrib.auth.decorators import permission_required from django.core.exceptions import PermissionDenied from django.utils.translation import ugettext as _ from django.core.urlresolvers import reverse @@ -70,7 +69,6 @@ def get_snippet_edit_handler(model): # == Views == -@permission_required('wagtailadmin.access_admin') def index(request): snippet_types = [ ( @@ -86,7 +84,6 @@ def index(request): }) -@permission_required('wagtailadmin.access_admin') # further permissions are enforced within the view def list(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) if not user_can_edit_snippet_type(request.user, content_type): @@ -105,7 +102,6 @@ def list(request, content_type_app_name, content_type_model_name): }) -@permission_required('wagtailadmin.access_admin') # further permissions are enforced within the view def create(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) if not user_can_edit_snippet_type(request.user, content_type): @@ -149,7 +145,6 @@ def create(request, content_type_app_name, content_type_model_name): }) -@permission_required('wagtailadmin.access_admin') # further permissions are enforced within the view def edit(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) if not user_can_edit_snippet_type(request.user, content_type): @@ -194,7 +189,6 @@ def edit(request, content_type_app_name, content_type_model_name, id): }) -@permission_required('wagtailadmin.access_admin') # further permissions are enforced within the view def delete(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) if not user_can_edit_snippet_type(request.user, content_type): @@ -223,7 +217,6 @@ def delete(request, content_type_app_name, content_type_model_name, id): }) -@permission_required('wagtailadmin.access_admin') def usage(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class()