From b50bcd004c83f9b2e3d45791f2c25d04e3b0703f Mon Sep 17 00:00:00 2001
From: Todd Dembrey <todd.dembrey@torchbox.com>
Date: Mon, 19 Mar 2018 17:04:16 +0000
Subject: [PATCH] Ensure only staff can access the reviews

---
 opentech/apply/review/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/opentech/apply/review/views.py b/opentech/apply/review/views.py
index 33459b301..5e33e9ab6 100644
--- a/opentech/apply/review/views.py
+++ b/opentech/apply/review/views.py
@@ -1,7 +1,9 @@
 from django.shortcuts import get_object_or_404
+from django.utils.decorators import method_decorator
 from django.views.generic import CreateView, ListView
 
 from opentech.apply.funds.models import ApplicationSubmission
+from opentech.apply.users.decorators import staff_required
 
 from .forms import ConceptReviewForm, ProposalReviewForm
 from .models import Review
@@ -55,6 +57,7 @@ class ReviewCreateView(CreateView):
         return self.submission.get_absolute_url()
 
 
+@method_decorator(staff_required, name='dispatch')
 class ReviewListView(ListView):
     model = Review
 
-- 
GitLab