From 2e1b4a5f087b753c804c08b275a78ca52b998373 Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Fri, 26 Jan 2018 11:03:10 +0100
Subject: [PATCH] Add explicit group permissions check for varnish purge and pending mod

Previously we just used "is member of staff", but for better granuality explicitly also check membership of groups. This introduces the new group "varnish purgers" for that permission.
---
 pgweb/core/views.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pgweb/core/views.py b/pgweb/core/views.py
index 70f1dd54..cdc91d98 100644
--- a/pgweb/core/views.py
+++ b/pgweb/core/views.py
@@ -252,6 +252,7 @@ def sync_timestamp(request):
 # List of all unapproved objects, for the special admin page
 @login_required
 @user_passes_test(lambda u: u.is_staff)
+@user_passes_test(lambda u: u.groups.filter(name='web slaves').exists())
 def admin_pending(request):
 return render_to_response('core/admin_pending.html', {
 'app_list': get_all_pending_moderations(),
@@ -260,6 +261,7 @@ def admin_pending(request):
 # Purge objects from varnish, for the admin pages
 @login_required
 @user_passes_test(lambda u: u.is_staff)
+@user_passes_test(lambda u: u.groups.filter(name='varnish purgers').exists())
 def admin_purge(request):
 if request.method == 'POST':
 url = request.POST['url']
--
2.39.5
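Review bot: The group test added above admin_pending is an inline lambda with the group name as a bare string literal, and the admin_purge hunk repeats the same pattern with 'varnish purgers'. A staff user outside the group fails `user_passes_test` and is redirected to the login page although already authenticated, which hides the reason for the refusal, and a superuser who is not a member is refused too. One shared predicate would state the rule once, e.g. `def in_group(name): return lambda u: u.is_superuser or u.groups.filter(name=name).exists()`, applied as `@user_passes_test(in_group('web slaves'))`. Whether superusers should bypass the group check is a policy choice the commit does not state, so that part needs confirming.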
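Review bot: Nothing in this commit creates the 'varnish purgers' group that the added decorator on admin_purge requires: the diffstat lists only pgweb/core/views.py, while the description says the group is newly introduced. Until the group exists and has members the check fails closed and no staff account can purge, which is safe but will look like a broken page after deploy. Shipping the group in a data migration or fixture, or recording the manual step, would avoid that. I would also add a comment above the decorator such as `# Needs membership of the 'varnish purgers' auth group in addition to is_staff`. admin_purge's body continues past the end of the hunk.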