Require admin when accessing REST pages

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/ipsilon/providers/common.py b/ipsilon/providers/common.py
index dff302d..169fddc 100644
--- a/ipsilon/providers/common.py
+++ b/ipsilon/providers/common.py
@@ -19,6 +19,7 @@ from ipsilon.util.log import Log
 from ipsilon.util.plugin import PluginInstaller, PluginLoader
 from ipsilon.util.plugin import PluginObject, PluginConfig
 from ipsilon.util.page import Page
+from ipsilon.util.page import admin_protect
 from ipsilon.rest.common import RestPage
 import cherrypy
 
@@ -163,15 +164,19 @@ class RestProviderBase(RestPage):
         self.plugin_name = config.name
         self.cfg = config
 
+    @admin_protect
     def GET(self, *args, **kwargs):
         raise cherrypy.HTTPError(501)
 
+    @admin_protect
     def POST(self, *args, **kwargs):
         raise cherrypy.HTTPError(501)
 
+    @admin_protect
     def DELETE(self, *args, **kwargs):
         raise cherrypy.HTTPError(501)
 
+    @admin_protect
     def PUT(self, *args, **kwargs):
         raise cherrypy.HTTPError(501)
 
diff --git a/ipsilon/providers/saml2/rest.py b/ipsilon/providers/saml2/rest.py
index 6ad8ae6..730b374 100644
--- a/ipsilon/providers/saml2/rest.py
+++ b/ipsilon/providers/saml2/rest.py
@@ -6,6 +6,7 @@ from ipsilon.providers.common import FACILITY
 from ipsilon.rest.common import rest_error, jsonout
 from ipsilon.providers.saml2.provider import ServiceProviderCreator
 from ipsilon.providers.saml2.provider import InvalidProviderId
+from ipsilon.util.page import admin_protect
 from lasso import ServerAddProviderFailedError
 
 
@@ -77,10 +78,12 @@ class SPS(RestProviderBase):
         return dict(result=results)
 
     @jsonout
+    @admin_protect
     def GET(self, *args, **kwargs):
         return self._get_sp(*args, **kwargs)
 
     @jsonout
+    @admin_protect
     def POST(self, *args, **kwargs):
         cherrypy.response.status = 201