views: add missing @login_required restrictionsHEAD master

Add checks for logged user in folder/add and folder/update endpoints.
author: Alejandro Sirgo Rica <asirgo@soleta.eu> 2024-12-17 14:00:36 +0100
committer: Alejandro Sirgo Rica <asirgo@soleta.eu> 2024-12-17 16:04:23 +0100
commit: 655ffbc0bb78ea53259a5e792160c7818614ad8e (patch)
tree: e3be44dad95ab0d9162995c14a7169a4a0794e92
parent: f75a72b1cf26796ef12429dfc1b483cf3af984d3 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index a624dab..694435f 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -1651,6 +1651,7 @@ def action_folder_delete():
 
 @app.route('/action/folder/update', methods=['GET','POST'])
 @handle_server_errors('scopes')
+@login_required
 def action_folder_update():
     form = FolderForm(request.form)
     if request.method == 'POST':
@@ -1705,6 +1706,7 @@ def action_folder_add():
 
 @app.route('/action/folder/add', methods=['POST'])
 @handle_server_errors('scopes')
+@login_required
 def action_folder_add_post():
     form = FolderForm(request.form)
     payload = {"name": form.name.data}
author	Alejandro Sirgo Rica <asirgo@soleta.eu>	2024-12-17 14:00:36 +0100
committer	Alejandro Sirgo Rica <asirgo@soleta.eu>	2024-12-17 16:04:23 +0100
commit	655ffbc0bb78ea53259a5e792160c7818614ad8e (patch)
tree	e3be44dad95ab0d9162995c14a7169a4a0794e92
parent	f75a72b1cf26796ef12429dfc1b483cf3af984d3 (diff)