web/quotes: require login for all pages
...except things under /accounts/, because I generally just trust that to do access control for me.
parent
7ec8e08ff0
commit
ee3299223a
5 changed files with 25 additions and 3 deletions
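--- a/web/quotes/quotesapp/middleware.py
+++ b/web/quotes/quotesapp/middleware.py
@@ -0,0 +1,15 @@
+from django.contrib.auth.decorators import login_required
+
+
+class LoginRequiredMiddleware:
+def __init__(self, get_response):
+self.get_response = get_response
+
+def is_open_url(self, path_info):
+return path_info.startswith('/accounts/')
+
+def __call__(self, request):
+if not self.is_open_url(request.path_info):
+return login_required()(self.get_response)(request)
+
+return self.get_response(request)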
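Review bot: `is_open_url` exempts every path that starts with `/accounts/`, so any view later mounted under that prefix is served without a session, and nothing in the class says so. A docstring on `LoginRequiredMiddleware` stating that `/accounts/` is the only unauthenticated prefix, and that each view under it must do its own access control, would make the fail-open rule visible to whoever adds the next route. Separately, `__call__` rebuilds the decorator on every request; wrapping once in `__init__` with `self.protected = login_required(get_response)` and returning `self.protected(request)` from the guarded branch behaves the same with less per-request work. If the project is on Django 5.1 or later (not visible here), the built-in `django.contrib.auth.middleware.LoginRequiredMiddleware` with the `login_not_required` decorator is an alternative to a path-prefix allowlist.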
@ -60,6 +60,7 @@ MIDDLEWARE = [
|
|||
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
||||
"django.contrib.messages.middleware.MessageMiddleware",
|
||||
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
||||
"quotes.quotesapp.middleware.LoginRequiredMiddleware",
|
||||
]
|
||||
|
||||
ROOT_URLCONF = "quotes.quotesapp.urls"
|
||||
|
|
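Review bot: The new `LoginRequiredMiddleware` entry only works below `AuthenticationMiddleware`, because `login_required` reads `request.user`, and the list does not record that ordering constraint. A comment on the entry such as `# keep after AuthenticationMiddleware: needs request.user` would stop a later reshuffle from breaking the login gate. The `MIDDLEWARE` list starts above this hunk, so its earlier entries are not visible here.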
|
@ -16,15 +16,14 @@ Including another URLconf
|
|||
from django.contrib import admin
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.urls import include, re_path, path
|
||||
from django.views.generic import TemplateView
|
||||
|
||||
import allauth.urls
|
||||
import quotes.quotedb.urls
|
||||
|
||||
# Monkeypatch the login_required decorator onto /admin.
|
||||
admin.site.login = login_required(admin.site.login)
|
||||
|
||||
urlpatterns = [
|
||||
path("admin/", admin.site.urls),
|
||||
path("accounts/", include(allauth.urls)),
|
||||
path("accounts/logged_out/", TemplateView.as_view(template_name='account/logged_out.html')),
|
||||
re_path(r"", include(quotes.quotedb.urls)),
|
||||
]
|
||||
|
|
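Review bot: Nothing near `urlpatterns` says that authentication is now enforced outside the URLconf, and the `accounts/logged_out/` route is reachable after logout only because it sits under the prefix the middleware leaves open. The rendering has lost the +/- column, but the commit's three deletions suggest the `login_required` import and the `admin.site.login` monkeypatch are removed here, which would leave `/admin/` gated by the middleware's `is_authenticated` check plus the admin site's own staff check. A comment above `urlpatterns`, for example `# Login is enforced by LoginRequiredMiddleware; only /accounts/ is exempt.`, would record that dependency. The `TemplateView` route also has no `name=`, so templates have to hard-code its path.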
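--- a/web/quotes/templates/account/logged_out.html
+++ b/web/quotes/templates/account/logged_out.html
@@ -0,0 +1,6 @@
+{% extends "alert.html" %}
+
+{% block title %}Logged out{% endblock %}
+
+{% block content_title %}Logged <span class="text-bfobOrange">Out</span>{% endblock %}
+{% block content_text %}Bye, I guess.{% endblock %}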
@ -24,6 +24,7 @@
|
|||
{% if user.is_authenticated %}
|
||||
<form action="/accounts/logout/" method="POST">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="next" value="/accounts/logged_out/">
|
||||
<button type="submit" class="px-4 py-1 rounded-full text-sm border border-bfobOrange text-bfobOrange hover:border-transparent hover:bg-bfobOrange hover:text-bfobGray-dark">Logout</button>
|
||||
</form>
|
||||
{% else %}
|
||||
|
|
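Review bot: The hidden `next` field hard-codes `/accounts/logged_out/`, duplicating a route that the URLconf defines without a name, and it carries the redirect target through a client-editable form field. Giving the route a name (for example `logged_out`) and writing `value="{% url 'logged_out' %}"` keeps the template and URLconf in step; alternatively allauth's `ACCOUNT_LOGOUT_REDIRECT_URL` setting fixes the target server-side so the field is not needed. How the installed allauth version validates `next` on logout is not visible here and is worth confirming. The `{% if user.is_authenticated %}` block continues past the end of the hunk.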