Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Anonymous users have access rights #230

Closed
okainov opened this issue Feb 21, 2018 · 2 comments
Closed

Anonymous users have access rights #230

okainov opened this issue Feb 21, 2018 · 2 comments

Comments

@okainov
Copy link
Contributor

okainov commented Feb 21, 2018
edited
Loading

Back to security\auth\restrictions topic. Just found out that even for anonymous users they have access to all the data (test plans, test runs).

Can we have only login\register pages available for anonymous users?
@okainov
Copy link
Contributor Author

okainov commented Mar 4, 2018

For myself I've added @login_required decorator to all get() methods in views and it seems to work good enough.

@atodorov
Copy link
Member

atodorov commented Mar 4, 2018

@GodfatherThe this is a quick fix but we'd like to keep the current functionality available. Anonymous access is useful for open source projects for example, who want others to be able to see the test results, etc.

IMO all views should be login_required by default but then you need to be able to relax this if you want to give access to other people.

atodorov added a commit that referenced this issue Jun 29, 2018
@atodorov
Use GlobalLoginRequiredMiddleware. Fix #230
2de8877 
Anonymous users will not be allowed access by default. Read-only
access to some views (e.g. get TestPlan or TestRun) can be enabled
by disabling GlobalLoginRequiredMiddleware!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@okainov @atodorov