Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Anonymous users have access rights #230

Closed
okainov opened this Issue Feb 21, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@okainov
Copy link
Contributor

okainov commented Feb 21, 2018

Back to security\auth\restrictions topic. Just found out that even for anonymous users they have access to all the data (test plans, test runs).

Can we have only login\register pages available for anonymous users?

@okainov

This comment has been minimized.

Copy link
Contributor Author

okainov commented Mar 4, 2018

For myself I've added @login_required decorator to all get() methods in views and it seems to work good enough.

@atodorov

This comment has been minimized.

Copy link
Member

atodorov commented Mar 4, 2018

@GodfatherThe this is a quick fix but we'd like to keep the current functionality available. Anonymous access is useful for open source projects for example, who want others to be able to see the test results, etc.

IMO all views should be login_required by default but then you need to be able to relax this if you want to give access to other people.

atodorov added a commit that referenced this issue Jun 29, 2018

Use GlobalLoginRequiredMiddleware. Fix #230
Anonymous users will not be allowed access by default. Read-only
access to some views (e.g. get TestPlan or TestRun) can be enabled
by disabling GlobalLoginRequiredMiddleware!

@atodorov atodorov closed this in d670516 Jul 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.