this ensure_csrf_cookie not requires_csrf_cookie... + add a login_required on the renkan edit view
--- a/server/src/metaeducation/urls.py Mon Jul 25 16:30:02 2016 +0200
+++ b/server/src/metaeducation/urls.py Mon Jul 25 17:39:24 2016 +0200
@@ -15,10 +15,11 @@
"""
from django.conf.urls import include, url
from django.contrib import admin
+from django.contrib.auth.decorators import login_required
from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from django.core.urlresolvers import reverse_lazy
-from django.views.decorators.csrf import requires_csrf_token
+from django.views.decorators.csrf import ensure_csrf_cookie
from django.views.generic import RedirectView
@@ -32,8 +33,8 @@
url(r'^accounts/', include('allauth.urls')),
url(r'^front/list/$', staff_member_required(ListRenkansView.as_view()), name='front_list_renkans'),
url(r'^front/new/$', NewRenkanView.as_view(), name='front_new_renkan'),
- url(r'^front/edit/(?P<renkan_guid>[\w-]+)/$', requires_csrf_token(EditRenkanView.as_view()), name='front_edit_renkan'),
- url(r'^front/view/(?P<renkan_guid>[\w-]+)/$', requires_csrf_token(ViewRenkanView.as_view()), name='front_view_renkan'),
+ url(r'^front/edit/(?P<renkan_guid>[\w-]+)/$', login_required(ensure_csrf_cookie(EditRenkanView.as_view())), name='front_edit_renkan'),
+ url(r'^front/view/(?P<renkan_guid>[\w-]+)/$', ensure_csrf_cookie(ViewRenkanView.as_view()), name='front_view_renkan'),
url(r'^tracking/$', UITrackingView.as_view(), name='tracking_view'),
url(r'^tracking/close/$', UITrackingViewClose.as_view(), name='tracking_view_close'),
url(r'^front/delete/$', staff_member_required(DeleteRenkanView.as_view()), name='front_delete_renkan')