Prevent non-superusers from modifying site settings

Review Request #8330 — Created Aug. 15, 2016 and submitted — Latest diff uploaded

Information

Review Board
release-2.5.x
e999957...

Reviewers

Previously, any staff member (superuser or non-superuser) could change
any of the site settings. We now prevent all non-superuser staff members
from accessing site settings views so that they cannot. A new decorator
(similar to Django's staff_member_required) has been added to
accomplish this.

  • Manually verified that superusers can still change settings.
  • Manually verified that non-superusers are shown a permission denied
    page.
  • Manually verified that unauthenticated users are shown a login form.