From ad488511187228d1b679a423ceeeff3733e0d548 Mon Sep 17 00:00:00 2001 From: Philip Sargent Date: Wed, 22 Mar 2023 15:04:34 +0000 Subject: [PATCH] re-enable login restriction on wallet create --- core/views/wallets_edit.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/core/views/wallets_edit.py b/core/views/wallets_edit.py index 4ce590f..a2793b2 100644 --- a/core/views/wallets_edit.py +++ b/core/views/wallets_edit.py @@ -256,7 +256,7 @@ def get_complaints(complaints, waldata, svxfiles, files, wallet, wurl): return complaints, caveobject -# @login_required_if_public +@login_required_if_public def walletedit(request, path=None): """Create a new wallet or upload scanned image files into a wallet on /expofiles Also display AND EDIT the contents.json data in the wallet. @@ -408,7 +408,9 @@ def walletedit(request, path=None): # print(f'--- FINISHED saving to JSON at {contents_path}') def make_wallet(walletname): - """We need a wallet Object so that the django template stuff can find the files""" + """We need a wallet Object so that the django template stuff can find the files + BUT we must restrict this to logged-in users otherwise spiderbots get at + the hidden Submit button and create zillions of the buggers""" try: w, created = Wallet.objects.get_or_create(walletname=walletname) # print(f"--- Wallet string {walletname}, wallet object {w} created new?: {created}")