X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=bluechips%2Fcontrollers%2Fuser.py;h=a5ebab3a8e22a42136a342f7498ff9e471d4f57d;hb=fed6d11d2cbd6d617d18bc01a78196865da4155b;hp=8fff3c8efa3ec92b5faa6015a80475966200a1c0;hpb=4f3b35da3c12251c426f9786f77d4b7aed3e243e;p=bluechips.git

diff --git a/bluechips/controllers/user.py b/bluechips/controllers/user.py
index 8fff3c8..a5ebab3 100644
--- a/bluechips/controllers/user.py
+++ b/bluechips/controllers/user.py
@@ -5,10 +5,13 @@ Calculate the current state of the books
 import logging
 
 from bluechips.lib.base import *
+from bluechips.lib.permissions import BlueChipResident
 
 import sqlalchemy
 from sqlalchemy import orm
 
+from authkit.authorize.pylons_adaptors import authorize
+
 from pylons import request
 from pylons.decorators import validate
 from pylons.decorators.secure import authenticate_form
@@ -70,11 +73,13 @@ class UserController(BaseController):
             h.flash("Updated email address to '%s'." % new_email)
         return h.redirect_to('/')
 
+    @authorize(BlueChipResident())
     def new(self):
         c.title = 'Register a New User'
         return render('/user/new.mako')
 
     @authenticate_form
+    @authorize(BlueChipResident())
     @validate(schema=NewUserSchema(), form='new')
     def create(self):
         u = model.User(username=self.form_result['username'],
@@ -88,7 +93,7 @@ class UserController(BaseController):
         if self.form_result['password'] is not None:
             u.password = self.form_result['password']
 
-        meta.Session.save(u)
+        meta.Session.add(u)
         meta.Session.commit()
 
         h.flash('Successfully created new user %s' % u.username)