From a67f809c879be306e71f43511823deed21868073 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Mon, 11 Dec 2017 14:45:54 +0100
Subject: [PATCH] security issue that allowed not logged user to access
 template data

---
 smash/web/views/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/smash/web/views/__init__.py b/smash/web/views/__init__.py
index 9a8ed660..6f232ada 100644
--- a/smash/web/views/__init__.py
+++ b/smash/web/views/__init__.py
@@ -2,6 +2,7 @@
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
 from django.shortcuts import redirect, render
+from django.utils.decorators import method_decorator
 from django.views.generic.base import ContextMixin
 
 from notifications import get_notifications
@@ -53,11 +54,15 @@ def extend_context(params, request):
     return final_params
 
 
+@method_decorator(login_required, name='dispatch')
 class WrappedView(ContextMixin):
     def get_context_data(self, **kwargs):
         context = super(WrappedView, self).get_context_data(**kwargs)
         return extend_context(context, self.request)
 
+    def dispatch(self, *args, **kwargs):
+        return super(WrappedView, self).dispatch(*args, **kwargs)
+
 
 import auth
 import appointment
-- 
GitLab