debug only on the form endpoints -> requires_admin

Author: MoralCode

app.py

@@ -1089,7 +1089,7 @@ def email_webhook():
 
 
 @app.route("/add_ticket/<item_id>", methods=["POST"])
-@debug_only
+@requires_admin
 def add_ticket(item_id):
     if not checkAccessPointExists(item_id):
         return "Not found", 404
@@ -1393,7 +1393,7 @@ def uploadImageResize(file, access_point_id, count, is_thumbnail=False):
 
 
 @app.route("/edit/<id>")
-@debug_only
+@requires_admin
 def edit(id):
 
     if checkAccessPointExists(id):
@@ -1491,7 +1491,7 @@ def submit_suggestion():
 
 
 @app.route("/deleteTag/<name>", methods=["POST"])
-@debug_only
+@requires_admin
 def deleteTag(name):
     deleteTagGivenName(name)
     return redirect("/admin")
@@ -1503,7 +1503,7 @@ def deleteTag(name):
 
 
 @app.route("/delete/<id>", methods=["POST"])
-@debug_only
+@requires_admin
 def delete(id):
     if checkAccessPointExists(id):
         deleteAccessPointEntry(id)
@@ -1519,7 +1519,7 @@ def delete(id):
 
 
 @app.route("/editaccesspoint/<id>", methods=["POST"])
-@debug_only
+@requires_admin
 def editAccessPoint(id):
     m = db.session.execute(
         db.select(AccessPoint).where(AccessPoint.id == id)
@@ -1574,7 +1574,7 @@ def editAccessPoint(id):
 
 
 @app.route("/editTag/<name>", methods=["POST"])
-@debug_only
+@requires_admin
 def edit_tag(name):
     t = db.session.execute(db.select(Tag).where(Tag.name == name)).scalar_one()
     t.description = request.form["description"]
@@ -1589,7 +1589,7 @@ def edit_tag(name):
 
 
 @app.route("/edittitle/<id>", methods=["POST"])
-@debug_only
+@requires_admin
 def editTitle(id):
     m = db.session.execute(
         db.select(AccessPoint).where(AccessPoint.id == id)
@@ -1606,7 +1606,7 @@ def editTitle(id):
 
 
 @app.route("/editimage/<id>", methods=["POST"])
-@debug_only
+@requires_admin
 def editImage(id):
     image = db.session.execute(db.select(Image).where(Image.id == id)).scalar_one()
 
@@ -1628,7 +1628,7 @@ def editImage(id):
 
 
 @app.route("/makethumbnail", methods=["POST"])
-@debug_only
+@requires_admin
 def makeThumbnail():
     access_point_id = request.args.get("accesspointid", None)
     image_id = request.args.get("imageid", None)
@@ -1658,7 +1658,7 @@ def makeThumbnail():
 
 
 @app.route("/detachimage/<image_id>/from/<item_id>", methods=["POST"])
-@debug_only
+@requires_admin
 def detachImageEndpoint(image_id, item_id):
 
     detachImageByID(image_id, item_id)
@@ -1674,7 +1674,7 @@ def detachImageEndpoint(image_id, item_id):
 
 
 @app.route("/export", methods=["POST"])
-@debug_only
+@requires_admin
 def export_data():
     public = bool(int(request.args.get("p")))
     now = datetime.now()
@@ -1695,7 +1695,7 @@ def export_data():
 
 
 @app.route("/import", methods=["POST"])
-@debug_only
+@requires_admin
 def import_data():
     return ("", 501)
 
@@ -1706,7 +1706,7 @@ def import_data():
 
 
 @app.route("/addTag", methods=["POST"])
-@debug_only
+@requires_admin
 def add_tag():
     tag = Tag(name=request.form["name"], description="")
 
@@ -1722,7 +1722,7 @@ def add_tag():
 
 
 @app.route("/uploadimage/<id>", methods=["POST"])
-@debug_only
+@requires_admin
 def uploadNewImage(id):
     count = db.session.execute(
         db.select(func.count()).where(ImageAccessPointRelation.access_point_id == id)
@@ -1741,7 +1741,7 @@ def uploadNewImage(id):
 
 
 @app.route("/upload/elevator", methods=["POST"])
-@debug_only
+@requires_admin
 def upload():
 
     # Step 1: Find the building by its number