X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=bluechips%2Fcontrollers%2Fspend.py;h=098ac270ceaad3ca0684a6973d7353f1a3097fda;hb=9cc05ca9160a9432d037afb9cc22c511e2542947;hp=aceb6ade6a839519217703bfe5d8c647afcd0a05;hpb=c71777cf6aad82837ae5f1b6bdef8f34a5b5ec44;p=bluechips.git

diff --git a/bluechips/controllers/spend.py b/bluechips/controllers/spend.py
index aceb6ad..098ac27 100644
--- a/bluechips/controllers/spend.py
+++ b/bluechips/controllers/spend.py
@@ -9,8 +9,8 @@ from decimal import Decimal, InvalidOperation
 from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
-from pylons.decorators.rest import dispatch_on
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
 from pylons.controllers.util import abort
 
 from formencode import validators, Schema
@@ -91,6 +91,7 @@ class SpendController(BaseController):
         return render('/spend/index.mako')
 
     @redirect_on_get('edit')
+    @authenticate_form
     @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
     def update(self, id=None):
         # Either create a new object, or, if we're editing, get the