This adds a custom auth class + add'l permissions to private projects in order to allow only password-protected private projects to be accessible publicly.
Added a test to ensure the owner of the project can access it w/o a
password
The custom auth class verifies the following before allowing access:
That the request is a GET request w/ a password query param
That the project id is a valid project id
That the project id requested is also password-protected
Later on the additional perms added to ProjectPermissions check for
either an auth'ed user or a user with a (valid) password.
Add check for Authorization header value in case of logged in user
Check first for is_authenticated & is_in_group in case of logged in user
Test that project owner request along with password works as expected
This adds a custom auth class + add'l permissions to private projects in order to allow only password-protected private projects to be accessible publicly.
Added a test to ensure the owner of the project can access it w/o a password
The custom auth class verifies the following before allowing access:
That the request is a GET request w/ a password query param
That the project id is a valid project id
That the project id requested is also password-protected
Later on the additional perms added to ProjectPermissions check for either an auth'ed user or a user with a (valid) password.
Add check for
Authorizationheader value in case of logged in useris_authenticated & is_in_groupin case of logged in user