Allow access to public Local Sites by anonymous users.
Review Request #5357 — Created Jan. 30, 2014 and submitted — Latest diff uploaded
Allow access to public Local Sites by anonymous users.
Local Sites were recently given a flag to control whether they could be
publicly accessed. This still required the user to be logged in, though.This change allows access to public Local Sites by anonymous users, when
anonymous access is turned on for the installation.A large part of this change is just cleaning up
reviews/views.py. Nearly
all the functions either did their own LocalSite checks or assumed
_find_review_requestwould do it. We now consolidate the logic in a
decorator.The new logic works like this:
-
If the user is anonymous, and the site is private, they will get
redirected to the Login page. -
If the user is anonymous, and the site is public, they will be able
to access the page's view (which still may deny them for other
reasons, of course). -
If the user is logged in, and the site is private, and they don't
have access, they will get a Permission Denied error. -
If the user is logged in, and the site is public, they will be able
to access the page's view.
There's also a better experience for the dashboard. Now, whether using
LocalSites or not, anonymous users will get redirected to the All Review
Requests page instead of the Dashboard by default. Either page will then
be able to do their own checks, showing a Permission Denied or login box
as appropriate, given the settings.
Tested each of the above scenarios.
Tested all affected pages and didn't see any problems.