From 5fbe0b31c20b9b095e44c650127d6b3457a74f62 Mon Sep 17 00:00:00 2001
From: Martin Green
Date: Sun, 26 Jun 2022 01:15:00 +0100
Subject: [PATCH] Require a login if public and check for CSRF cookies for uploading images
---
 core/views/editor_helpers.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/core/views/editor_helpers.py b/core/views/editor_helpers.py
index 960d6cf..319abb6 100644
--- a/core/views/editor_helpers.py
+++ b/core/views/editor_helpers.py
@@ -9,6 +9,9 @@ from pathlib import Path
 import django.forms as forms
 import troggle.settings as settings
+from django.views.decorators.csrf import ensure_csrf_cookie
+from .auth import login_required_if_public
+
 from troggle.lib import version_control
 MAX_IMAGE_WIDTH = 1000
@@ -36,6 +39,8 @@ def image_selector(request, path):
 return render(request, 'image_selector.html', {'thumbnails': thumbnails})
+@login_required_if_public
+@ensure_csrf_cookie
 def new_image_form(request, path):
 '''Manages a form to upload new images'''
 directory = path.rsplit('/', 1)[0]
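Review bot: `@ensure_csrf_cookie` on `new_image_form` only makes the response set the CSRF cookie; it does not validate the token on the upload POST, so the "check" named in the commit subject still depends on `CsrfViewMiddleware` being enabled in settings, which is not visible here. If the middleware is not active for this view, add `@csrf_protect` (also in `django.views.decorators.csrf`) beneath `@login_required_if_public` so the token is verified regardless of middleware configuration. A short comment such as `# ensure_csrf_cookie sets the cookie for the JS uploader; validation is done by CsrfViewMiddleware` would record which layer enforces the check. The body of `new_image_form` continues past the hunk, so whether `path` is constrained before `directory = path.rsplit('/', 1)[0]` is used for the upload location cannot be judged from these lines and should be confirmed.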