From 13bb83e7a957c37f1882bffb3fcf65dac385ced9 Mon Sep 17 00:00:00 2001
From: Andrew Williams
Date: Sun, 10 Apr 2011 12:00:48 +0100
Subject: [PATCH] Redirect if non-staff access the search functions
---
 app/sso/views.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/app/sso/views.py b/app/sso/views.py
index 309dfaa..31c3a0d 100644
--- a/app/sso/views.py
+++ b/app/sso/views.py
@@ -155,6 +155,9 @@ def service_reset(request, serviceid=0):
 def user_view(request, username=None):
 """ View a user's profile as a admin """
+ if not request.user.is_staff:
+ return redirect('sso.views.profile')
+
 if username:
 try:
 user = User.objects.get(username=username)
@@ -181,6 +184,9 @@ def user_lookup(request):
 form = UserLookupForm()
+ if not request.user.is_staff:
+ return redirect('sso.views.profile')
+
 if request.method == 'POST':
 form = UserLookupForm(request.POST)
 if form.is_valid():
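Review bot: The staff check added at the top of `user_view` is copied verbatim into `user_lookup` in the second hunk, so the authorization rule lives inside two function bodies and any other staff-only view in this module has to remember to repeat it. A small decorator keeps the rule in one place and makes it visible at the definition, where a reviewer can see at a glance which views are restricted. The sketch below keeps the same redirect target; it needs `functools.wraps` in scope, and any decorators already on `user_view` are outside the hunk, so the stacking order should be checked against them. The body of `user_view` continues past the end of the hunk.

```python
def staff_required(view):
    """Redirect non-staff users to their own profile instead of running the view."""
    @wraps(view)
    def guarded(request, *args, **kwargs):
        if not request.user.is_staff:
            return redirect('sso.views.profile')
        return view(request, *args, **kwargs)
    return guarded


@staff_required
def user_view(request, username=None):
    # … unchanged: docstring and profile lookup …
```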
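Review bot: In `user_lookup` the staff check is placed after `form = UserLookupForm()`, so the view already does work before authorization is decided. That is harmless today, but the guard should be the first statement so a later edit cannot slip request handling ahead of it. The denial is also silent, because a non-staff request to the lookup is redirected with no record. A line such as `logging.getLogger(__name__).warning("non-staff access to user_lookup by %s", request.user)` before the `return` would give operators something to alert on, assuming `logging` is imported in this module. The function starts above the hunk and continues past it.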