CSRF protection. #361
[zzz-spline-users.git] / splinext / users / controllers / admin.py
1 import logging
2
3 from pylons import config, request, response, session, tmpl_context as c, url
4 from pylons.controllers.util import abort, redirect
5
6 from spline.model import meta
7 from spline.lib.base import BaseController, render
8 from splinext.users import model as users_model
9
10 log = logging.getLogger(__name__)
11
12
13 class AdminController(BaseController):
14
15 def permissions(self):
16 if not c.user.can('administrate'):
17 abort(403)
18
19 c.roles = meta.Session.query(users_model.Role) \
20 .order_by(users_model.Role.id.asc()).all()
21 return render('/users/admin/permissions.mako')