micrittenden
commented
3 years ago Yup i agree 100%. global login before being able to access anything. Then, if they log out they are kicked back out the website.
Closed karimbahgat closed 2 years ago
micrittenden
commented
3 years ago Yup i agree 100%. global login before being able to access anything. Then, if they log out they are kicked back out the website.
We should figure out if we want to require the user to login before viewing any part of the scope platform (so not allowed to view even the frontpage or simple lists of things), since this is an internal tool not meant for a broader audience. Alternatively if want to allow random visitors to view pages but not modify any data, but I think we would need to layout a good argument for scenarios where we would want this.
Regardless of what we choose here, we should probably move from the current system of adding @login_required to each view, to a global login required for the entire site and adding specific @login_excempt for any public pages, see https://stackoverflow.com/questions/48407790/restricting-all-the-views-to-authenticated-users-in-django.