From baf067f5f2990d7bf954dfe410fbcd243c63152e Mon Sep 17 00:00:00 2001
From: ks129 <45097959+ks129@users.noreply.github.com>
Date: Wed, 2 Dec 2020 12:11:57 +0200
Subject: Lock all forms showing to admins only

---
 backend/routes/forms/index.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'backend/routes/forms/index.py')

diff --git a/backend/routes/forms/index.py b/backend/routes/forms/index.py
index 41a3ccd..605f184 100644
--- a/backend/routes/forms/index.py
+++ b/backend/routes/forms/index.py
@@ -1,6 +1,7 @@
 """
 Return a list of all forms to authenticated users.
 """
+from starlette.authentication import requires
 from starlette.requests import Request
 from starlette.responses import JSONResponse
 
@@ -15,6 +16,7 @@ class FormsList(Route):
     name = "forms_list"
     path = "/"
 
+    @requires(["authenticated", "admin"])
     async def get(self, request: Request) -> JSONResponse:
         forms = []
         cursor = request.state.db.forms.find()
-- 
cgit v1.2.3