don't edit ticket info or export notes if not authenticated

scrutiny/projects/templates/projects/issue_fragment.html

@@ -1,7 +1,9 @@
 <tr>
-  <td class="edit">
-    <a rel="popup" class="link-action-icon edit" href="{% url 'issue-edit-info' issue.id %}" data-inplace-submit="true">Editer</a>
-  </td>
+  {% if user.is_authenticated %}
+    <td class="edit">
+      <a rel="popup" class="link-action-icon edit" href="{% url 'issue-edit-info' issue.id %}" data-inplace-submit="true">Editer</a>
+    </td>
+  {% endif %}
   <td class="doc">
     {% if issue.info.doc_focus %}<span class="icon doc"></span>{% endif %}
   </td>

scrutiny/projects/templates/projects/project_summary_history.html

@@ -13,7 +13,9 @@
         {% if day.modules %}
           {% if day.day == 'future' %}
             <h3>À venir</h3>
-            <a href="{% url 'project-summary-history-future' slug=object.slug %}">Exporter</a>
+            {% if user.is_authenticated %}
+              <a href="{% url 'project-summary-history-future' slug=object.slug %}">Exporter</a>
+            {% endif %}
           {% else %}
             <h3>{{ day.day|date:"d/m/Y" }}</h3>
             <a href="{% url 'project-summary-history-day' slug=object.slug year=day.day.year month=day.day.month day=day.day.day %}">Exporter</a>

scrutiny/projects/views.py

@@ -3,6 +3,7 @@ import json
 import re
 
 from django import template
+from django.core.exceptions import PermissionDenied
 from django.http import Http404, HttpResponse, JsonResponse
 from django.shortcuts import render
 from django.utils import timezone
@@ -245,6 +246,11 @@ class ProjectSummaryHistoryView(ProjectSummaryHistoryMixin, DetailView):
 class ProjectSummaryHistoryDayView(ProjectSummaryHistoryMixin, IssuesMixin, DetailView):
     model = Project
 
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            raise PermissionDenied
+        return super().dispatch(request, *args, **kwargs)
+
     def get(self, request, *args, **kwargs):
         self.object = self.get_object()
         day = 'future'
@@ -358,6 +364,8 @@ class IssueInfoUpdate(FormView):
     success_url = '/'
 
     def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            raise PermissionDenied
         self.issue = Issue(kwargs['issue_id'])
         return super().dispatch(request, *args, **kwargs)