Block access to user URLS without authentication

vvmurthy / RadiationTherapyDecisionSupport

Python Code, MATLAB Original Code and data to benchmark Radiation Therapy Decision Support Algorithm

0 stars 1 forks source link

Block access to user URLS without authentication #32

Closed vvmurthy closed 6 years ago

vvmurthy commented 6 years ago

If a user is not signed in:

Block access to /users/options/
Block access to /users/logout/
Block access to /users/upload/ etc. No user features should be accessable without authentication, whereas now they can be accessible by typing the deep link URL into the browser

vvmurthy commented 6 years ago

Now, the urls are not accessible through deep linking, but the urls give 404 error if not logged in. Use the suggestions here to have urls marked with @login_required redirect to the login page. Thus, if a user is not logged in and attempts to access one of the blocked, login-required URLs, they are asked to log in as usual.

vvmurthy commented 6 years ago

Urls are defined in views.py in UserProfile, upload and dsrt -> that's probably where you would need to fix the URL redirects

vvmurthy commented 6 years ago

Rhea's last push closed this issue