Permission checks for approvement pages

match4everyone / match4everything

Other

7 stars 0 forks source link

Permission checks for approvement pages #138

Open bjrne opened 4 years ago

bjrne commented 4 years ago

Closes #121 Closes #137

bjrne commented 4 years ago

The 404 is not intended by behaviour added in this PR, it is a result of the problem described in #157. The login redirect is a result of the login decorator sitting before the other one. We need to discuss what behaviour we want, e.g. what page do you see for a URL that you have access to, but are not logged in yet. This is a decision between obfuscation and good UX.

bjrne commented 4 years ago

This will also wait for a decision on permission names (refer to #183).

bjrne commented 4 years ago

Will test thoroughly again and also revise checks for buttons on staff-profile.