anonymous users should not be able to add available events

climu / openstudyroom

Website for the Open Study Room online go/baduk/weiqi community.

https://openstudyroom.org

GNU General Public License v3.0

67 stars 33 forks source link

anonymous users should not be able to add available events #448

Open climu opened 3 years ago

climu commented 3 years ago

@LucasBertrand I assign you :)

LucasBertrand commented 3 years ago

Wait, how you actually do that from the client ? I also verified, the view check user's permission.

climu commented 3 years ago

You can always pass something in the context. I use to load a different js file for anonymous since lot of client logic goes away. Your call.

LucasBertrand commented 3 years ago

I mean, anonymous users cannot add available events at the current state, or tell me how you do that :) I have some checks in my js functions and on the server, the request user pass the authenticated check

Make a selection on the calendar does nothing when your anonymous (I will desactivate the mouse event)

climu commented 3 years ago

The event are not stored on the database. It's just client side issue. To reproduce:

Logout OSR website and go to https://openstudyroom.org/calendar/
Click the week view
Click and drag on the calendar

This will create such an event and that's not the expected behaviour: