diff options
| author |  ks129 <[email protected]> | 2020-12-02 12:11:57 +0200 |
|---|---|---|
| committer | ks129 <[email protected]> | 2020-12-02 12:11:57 +0200 |
| commit | baf067f5f2990d7bf954dfe410fbcd243c63152e (patch) | |
| tree | cea9de6ed565b8e6bffb037324af6857d83237ec /backend/routes | |
| parent | Move from PyMongo to Motor driver for asynchronous support (diff) | |
Lock all forms showing to admins only
Diffstat (limited to 'backend/routes')
| -rw-r--r-- | backend/routes/forms/index.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/backend/routes/forms/index.py b/backend/routes/forms/index.py index 41a3ccd..605f184 100644 --- a/backend/routes/forms/index.py +++ b/backend/routes/forms/index.py @@ -1,6 +1,7 @@ """ Return a list of all forms to authenticated users. """ +from starlette.authentication import requires from starlette.requests import Request from starlette.responses import JSONResponse @@ -15,6 +16,7 @@ class FormsList(Route): name = "forms_list" path = "/" + @requires(["authenticated", "admin"]) async def get(self, request: Request) -> JSONResponse: forms = [] cursor = request.state.db.forms.find() |