Closed eyeseast closed 1 week ago
For writable routes, I think it makes sense to just redirect back to the document. This might end up as a 404 if the document is private, but that's fine. It's also possible it'll be a 404 already, because we load the document in the layout.
Just confirmed: all the sub-document routes (modify, redact, annotate) will 404 if the user can't see the document, so that's done.
Routes that need edit_access
permission:
Add-on dispatch throws a 500 right now: https://next.www.documentcloud.org/add-ons/MuckRock/documentcloud-regex-addon/
This needs to be linkable for anonymous users, but shouldn't dispatch, obviously.
What routes should only be accessible if you're logged in? Or should we have a fallback view that tells you what to do?
Lots of things are either disabled or just not visible to anonymous users.