myspace: don't preemptively block access to myspace (#6385)
Most views were already doing their own checks, and some views needed to be open to API users.
This commit is contained in:
parent
25697df1d5
commit
764989990d
|
@ -430,8 +430,6 @@ class MyspaceDirectory(wcs.myspace.MyspaceDirectory):
|
|||
json = JsonDirectory()
|
||||
|
||||
def _q_traverse(self, path):
|
||||
if (path[0] not in ('new', 'json')) and (not get_request().user or get_request().user.anonymous):
|
||||
raise errors.AccessUnauthorizedError()
|
||||
get_response().filter['bigdiv'] = 'profile'
|
||||
get_response().breadcrumb.append(('myspace/', _('My Space')))
|
||||
|
||||
|
@ -697,6 +695,9 @@ class MyspaceDirectory(wcs.myspace.MyspaceDirectory):
|
|||
options = get_cfg('misc', {}).get('announce_themes')
|
||||
if not options:
|
||||
raise errors.TraversalError()
|
||||
user = get_request().user
|
||||
if not user or user.anonymous:
|
||||
raise errors.AccessUnauthorizedError()
|
||||
subscription = AnnounceSubscription.get_on_index(get_request().user.id, str('user_id'))
|
||||
if not subscription:
|
||||
raise errors.TraversalError()
|
||||
|
|
Reference in New Issue