From 5011f642436acd1a5de859d9bb7d38c7e269f35c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 13 Nov 2007 11:15:07 -0500
Subject: Restrict access to some parts of the UI to those in the admins group

---
 ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ipa-server/ipa-gui/ipagui/subcontrollers/user.py')

diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index a33307ae..a527c098 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -96,7 +96,7 @@ class UserController(IPAController):
         raise turbogears.redirect("/user/list")
 
     @expose("ipagui.templates.usernew")
-    @identity.require(identity.not_anonymous())
+    @identity.require(identity.in_group("admins"))
     def new(self, tg_errors=None):
         """Displays the new user form"""
         if tg_errors:
@@ -106,7 +106,7 @@ class UserController(IPAController):
         return dict(form=user_new_form, user={})
 
     @expose()
-    @identity.require(identity.not_anonymous())
+    @identity.require(identity.in_group("admins"))
     def create(self, **kw):
         """Creates a new user"""
         self.restrict_post()
-- 
cgit