dokumente/tests.py

@@ -1,6 +1,7 @@
 from django.test import TestCase, Client
 from django.urls import reverse
 from django.core.management import call_command
+from django.contrib.auth.models import User
 from datetime import date, timedelta
 from io import StringIO
 from .models import (
@@ -825,6 +826,15 @@ class IncompleteVorgabenTest(TestCase):
     def setUp(self):
         self.client = Client()
         
+        # Create and login a staff user
+        self.staff_user = User.objects.create_user(
+            username='teststaff',
+            password='testpass123'
+        )
+        self.staff_user.is_staff = True
+        self.staff_user.save()
+        self.client.login(username='teststaff', password='testpass123')
+        
         # Create test data
         self.dokumententyp = Dokumententyp.objects.create(
             name="Test Typ",
@@ -1092,3 +1102,28 @@ class IncompleteVorgabenTest(TestCase):
         response = self.client.get(reverse('incomplete_vorgaben'))
         # Should NOT appear in "no text" list because it has both text types
         self.assertNotContains(response, 'Vorgabe mit beiden Texten')
+    
+    def test_incomplete_vorgaben_staff_only(self):
+        """Test that non-staff users are redirected to login"""
+        # Logout the staff user
+        self.client.logout()
+        
+        # Try to access the page as anonymous user
+        response = self.client.get(reverse('incomplete_vorgaben'))
+        self.assertEqual(response.status_code, 302)  # Redirect to login
+        
+        # Create a regular (non-staff) user
+        regular_user = User.objects.create_user(
+            username='regularuser',
+            password='testpass123'
+        )
+        self.client.login(username='regularuser', password='testpass123')
+        
+        # Try to access the page as regular user
+        response = self.client.get(reverse('incomplete_vorgaben'))
+        self.assertEqual(response.status_code, 302)  # Redirect to login
+        
+        # Login as staff user again - should work
+        self.client.login(username='teststaff', password='testpass123')
+        response = self.client.get(reverse('incomplete_vorgaben'))
+        self.assertEqual(response.status_code, 200)  # Success

dokumente/views.py

@@ -1,4 +1,5 @@
 from django.shortcuts import render, get_object_or_404
+from django.contrib.auth.decorators import login_required, user_passes_test
 from .models import Dokument, Vorgabe, VorgabeKurztext, VorgabeLangtext, Checklistenfrage
 from abschnitte.utils import render_textabschnitte
 
@@ -56,6 +57,11 @@ def standard_checkliste(request, nummer):
     })
 
 
+def is_staff_user(user):
+    return user.is_staff
+
+@login_required
+@user_passes_test(is_staff_user)
 def incomplete_vorgaben(request):
     """
     Show lists of incomplete Vorgaben:

pages/templates/base.html

@@ -17,7 +17,9 @@
   <div class="collapse navbar-collapse" id="navbarNavAltMarkup">
     <div class="navbar-nav">
       <a class="nav-item nav-link active" href="/dokumente">Standards</a>
+      {% if user.is_staff %}
       <a class="nav-item nav-link" href="/dokumente/unvollstaendig/">Unvollständig</a>
+      {% endif %}
       <a class="nav-item nav-link" href="/referenzen">Referenzen</a>
       <a class="nav-item nav-link" href="/stichworte">Stichworte</a>
       <a class="nav-item nav-link" href="/search">Suche</a>