New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow unauthenticated users to view group details #3461
Allow unauthenticated users to view group details #3461
Conversation
ABA-509 Viewing groups when not logged in gives 401
Either they should be public, or not visible on the sidebar as pages at all .. I think a fine solution is to make the groups public, but to not show its members. Webapp would need minimal changes to accommodate this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know the perm system is overly conplex. But it might be better to use the safe_perms
property (or something like that). I think it's on the handler class. But a quick grep should lead you to it.
@LudvigHz |
5720834
to
2591f11
Compare
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #3461 +/- ##
=======================================
Coverage 88.29% 88.29%
=======================================
Files 662 662
Lines 21005 21006 +1
=======================================
+ Hits 18546 18547 +1
Misses 2459 2459
☔ View full report in Codecov by Sentry. |
Yes, that's the one. The default permission handler will check this attribute against the action and allow the method accordingly. So if you set it to |
2591f11
to
f88af40
Compare
ah yes I now see that if require_auth and not authenticated:
return False
elif not require_auth and perm in self.safe_methods: # <----------
return True
if not authenticated:
return False Adding Seems to work fine. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this all groups now??
I.e. can any person view any group?
Yes, but not its members. I don’t really see anything wrong with letting them be public, but I’m all ears |
The only concern was that there are some random groups that are administrative only and not really meant to be accessible by the public. But yeah at least it's not the members but still we might want to have some filter on what is public (in terms of group type (committee, interest group)) |
No description provided.