From 8730fc38a6a6949204eaa76d51f524165530f8f5 Mon Sep 17 00:00:00 2001
From: James Graham <J.Graham@software.ac.uk>
Date: Thu, 28 Feb 2019 12:19:02 +0000
Subject: [PATCH] Define required permissions on update and delete views

---
 applications/views.py           | 2 ++
 datasources/views/datasource.py | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/applications/views.py b/applications/views.py
index a886cfb..4c487b2 100644
--- a/applications/views.py
+++ b/applications/views.py
@@ -46,6 +46,7 @@ class ApplicationUpdateView(OwnerPermissionMixin, UpdateView):
     context_object_name = 'application'
 
     fields = '__all__'
+    permission_required = 'applications.change_application'
 
 
 class ApplicationDeleteView(OwnerPermissionMixin, DeleteView):
@@ -53,6 +54,7 @@ class ApplicationDeleteView(OwnerPermissionMixin, DeleteView):
     template_name = 'applications/application/delete.html'
     context_object_name = 'application'
 
+    permission_required = 'application.delete_application'
     success_url = reverse_lazy('applications:application.list')
 
 
diff --git a/datasources/views/datasource.py b/datasources/views/datasource.py
index 76ff48f..1ea6417 100644
--- a/datasources/views/datasource.py
+++ b/datasources/views/datasource.py
@@ -77,6 +77,7 @@ class DataSourceUpdateView(OwnerPermissionMixin, UpdateView):
     context_object_name = 'datasource'
 
     form_class = forms.DataSourceForm
+    permission_required = 'datasources.change_datasource'
 
 
 class DataSourceDeleteView(OwnerPermissionMixin, DeleteView):
@@ -84,6 +85,7 @@ class DataSourceDeleteView(OwnerPermissionMixin, DeleteView):
     template_name = 'datasources/datasource/delete.html'
     context_object_name = 'datasource'
 
+    permission_required = 'datasources.delete_datasource'
     success_url = reverse_lazy('datasources:datasource.list')
 
 
-- 
GitLab