[FIX] website_mail: forbid access to email_designer routes to public user

bzr revid: chs@openerp.com-20140228151544-ipoih9c924rsbqi1
2014-02-28 16:15:44 +01:00 · 2014-02-28 16:15:44 +01:00 · a5fc14193d
parent 47c4728f43
commit a5fc14193d
1 changed files with 2 additions and 2 deletions
--- a/addons/website_mail/controllers/email_designer.py
+++ b/addons/website_mail/controllers/email_designer.py
@ -7,7 +7,7 @@ from openerp.addons.web.http import request

 class WebsiteEmailDesigner(http.Controller):

-    @http.route('/website_mail/email_designer/<model("email.template"):template>/', type='http', auth="public", website=True, multilang=True)
+    @http.route('/website_mail/email_designer/<model("email.template"):template>/', type='http', auth="user", website=True, multilang=True)
    def index(self, template, **kw):
        values = {
            'template': template,
@ -15,6 +15,6 @@ class WebsiteEmailDesigner(http.Controller):
        print template
        return request.website.render("website_mail.designer_index", values)

-    @http.route(['/website_mail/snippets'], type='json', auth="public", website=True)
+    @http.route(['/website_mail/snippets'], type='json', auth="user", website=True)
    def snippets(self):
        return request.website._render('website_mail.email_designer_snippets')