[FIX] website_mail: forbid access to email_designer routes to public user
authorChristophe Simonis <chs@openerp.com>
Fri, 28 Feb 2014 15:15:44 +0000 (16:15 +0100)
committerChristophe Simonis <chs@openerp.com>
Fri, 28 Feb 2014 15:15:44 +0000 (16:15 +0100)
bzr revid: chs@openerp.com-20140228151544-ipoih9c924rsbqi1

addons/website_mail/controllers/email_designer.py

index 81bc703..3eb3c32 100644 (file)
@@ -7,7 +7,7 @@ from openerp.addons.web.http import request
 
 class WebsiteEmailDesigner(http.Controller):
 
-    @http.route('/website_mail/email_designer/<model("email.template"):template>/', type='http', auth="public", website=True, multilang=True)
+    @http.route('/website_mail/email_designer/<model("email.template"):template>/', type='http', auth="user", website=True, multilang=True)
     def index(self, template, **kw):
         values = {
             'template': template,
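Review bot: `auth="user"` on the `index` route only requires a logged-in session, so any authenticated account (portal users included, if the deployment has them) can still reach the designer. Whether such a user can open a given template then depends on the access rules of `email.template`, which are not visible in this commit. The same holds for the `/website_mail/snippets` route in the next hunk. I would record that reliance next to the decorator, e.g. `# auth="user": any logged-in user; template access is left to email.template ACLs`, or add an explicit group check at the top of `index` if the designer is meant for editors only. The body of `index` continues past this hunk.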
@@ -15,6 +15,6 @@ class WebsiteEmailDesigner(http.Controller):
         print template
         return request.website.render("website_mail.designer_index", values)
 
-    @http.route(['/website_mail/snippets'], type='json', auth="public", website=True)
+    @http.route(['/website_mail/snippets'], type='json', auth="user", website=True)
     def snippets(self):
         return request.website._render('website_mail.email_designer_snippets')
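Review bot: The `print template` kept as context at the top of this hunk is a debug leftover in `index`; it writes the record to the server's stdout on every request to the designer. Since the commit already touches this handler, the line should be dropped, or routed through the module logger at debug level if the trace is wanted. `index` starts in the previous hunk, so only its tail is visible here.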