myspace: don't preemptively block access to myspace (#6385)

Most views were already doing their own checks, and some views needed to be
open to API users.

extra/modules/myspace.py

@@ -430,8 +430,6 @@ class MyspaceDirectory(wcs.myspace.MyspaceDirectory):
     json = JsonDirectory()
 
     def _q_traverse(self, path):
-        if (path[0] not in ('new', 'json')) and (not get_request().user or get_request().user.anonymous):
-            raise errors.AccessUnauthorizedError()
         get_response().filter['bigdiv'] = 'profile'
         get_response().breadcrumb.append(('myspace/', _('My Space')))
 
@@ -697,6 +695,9 @@ class MyspaceDirectory(wcs.myspace.MyspaceDirectory):
         options = get_cfg('misc', {}).get('announce_themes')
         if not options:
             raise errors.TraversalError()
+        user = get_request().user
+        if not user or user.anonymous:
+            raise errors.AccessUnauthorizedError()
         subscription = AnnounceSubscription.get_on_index(get_request().user.id, str('user_id'))
         if not subscription:
             raise errors.TraversalError()