New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix divio/django-cms#2166 - disabling further action on populate calls i... #3300
Fix divio/django-cms#2166 - disabling further action on populate calls i... #3300
Conversation
…ase the user is not authenticated
This references #2166 |
LGTM: a safe assumption that toolbar sholt not populated for anonymous users |
Fix #2166 - disabling further action on populate calls i...
Sorry that I didn't get back to this with a comment I was thinking about: When the toolbar is displayed by accident during a session in which the user was logged out, it actually shows with a login menu. Either we need to:
I suggest 1) because it's not the toolbar's responsibility to show login forms. |
Ok, I'll revert this PR so we can discuss the frontend solution |
But when do you display a toolbar to a non-authenticated user? I don't see the use case for that :) |
That's the issue to solve: toolbar should only appear when requested by the user (appending "?edit" or |
How about replacing the toolbar login form with a redirect to |
(the redirect can be put in the toolbar middleware) |
Project may not have a public login view, but only a login admin |
@benjaoming, I'm not sure I fully understand your proposal but |
@yakky in that case, user can simply set LOGIN_URL="/admin/" @mmarzantowicz The point was that if And users that don't know that they need to login to edit CMS pages are useless editors IMO :) |
@benjaoming could you provide a minimal and clean setup to reproduce the original issue? Ideally instructions on how to configure a project started with djangocms-installer to trigger the issue. |
To reproduce the issue:
|
I came out with a possible solution and hack that works. (possible) Solution:I did try/catch block around whole content "render_tag" in CMSToolbar class. I know that this way it throws out all errors, but that errors could only raise in this template tag. Hack:But that is definitely NOT a solution! base.html cms_toolbar.html the logout template |
Sorry for excessive comments, just including "custom" toolbar that doesn't suffer from this bug. |
disabling further action on populate calls in case the user is not authenticated