feat: complete monorepo structure with frontend and shared resources

- Add complete backend/ directory with full Django application - Add frontend/ directory with Vite + TypeScript setup ready for Next.js - Add comprehensive shared/ directory with: - Complete documentation and memory-bank archives - Media files and avatars (letters, park/ride images) - Deployment scripts and automation tools - Shared types and utilities - Add architecture/ directory with migration guides - Configure pnpm workspace for monorepo development - Update .gitignore to exclude .django_tailwind_cli/ build artifacts - Preserve all historical documentation in shared/docs/memory-bank/ - Set up proper structure for full-stack development with shared resources
2025-12-22 03:11:08 -05:00 · 2025-08-23 18:40:07 -04:00
parent b0e0678590
commit d504d41de2
762 changed files with 142636 additions and 0 deletions
--- a/shared/docs/memory-bank/decisions/authentication-fix-2025-06-25.md
+++ b/shared/docs/memory-bank/decisions/authentication-fix-2025-06-25.md
@@ -0,0 +1,85 @@
+# Authentication Requirements Fix - 2025-06-25
+
+## Problem Identified
+User reported that authentication is required for functionality that shouldn't need it. The issue is that search and read-only operations are requiring authentication when they should be publicly accessible.
+
+## Root Cause Analysis
+
+### Issues Found:
+
+1. **RideSearchView** (rides/views.py:437)
+   - Has `LoginRequiredMixin` which blocks unauthenticated users from searching rides
+   - Search functionality should be publicly accessible
+
+2. **Search Helper Functions** (rides/views.py:318-374)
+   - `search_manufacturers()` - has `@login_required` decorator
+   - `search_designers()` - has `@login_required` decorator  
+   - `search_ride_models()` - has `@login_required` decorator
+   - These are used for autocomplete/search functionality, should be public
+
+3. **Settings Configuration**
+   - `AUTOCOMPLETE_BLOCK_UNAUTHENTICATED = False` is already set correctly
+   - The issue is not with the BaseAutocomplete class but with view-level authentication
+
+## Authentication Philosophy
+
+**Should Require Authentication:**
+- Creating new rides, parks, manufacturers, designers
+- Editing existing content
+- Submitting photos or reviews
+- Administrative functions
+
+**Should NOT Require Authentication:**
+- Searching/browsing rides and parks
+- Viewing ride details
+- Using autocomplete for search
+- Reading public content
+
+## Solution Plan
+
+1. Remove `LoginRequiredMixin` from `RideSearchView`
+2. Remove `@login_required` decorators from search helper functions
+3. Ensure create/edit views still require authentication (they do)
+4. Update tests to reflect new public access
+5. Document the authentication boundaries clearly
+
+## Implementation Notes
+
+- The `RideCreateView` and `RideUpdateView` correctly use `LoginRequiredMixin`
+- The `BaseAutocomplete` class already supports public access via settings
+- Search functionality should be fast and accessible to encourage engagement
+
+## Changes Made
+
+1. **RideSearchView** (rides/views.py:437)
+   - ✅ Removed `LoginRequiredMixin` from class definition
+   - Now allows unauthenticated users to search rides
+
+2. **Search Helper Functions** (rides/views.py:318-374)
+   - ✅ Removed `@login_required` decorator from `search_manufacturers()`
+   - ✅ Removed `@login_required` decorator from `search_designers()`
+   - ✅ Removed `@login_required` decorator from `search_ride_models()`
+   - These functions now support public autocomplete functionality
+
+3. **Import Cleanup**
+   - ✅ Removed unused `login_required` import from rides/views.py
+
+4. **Test Fixes**
+   - ✅ Fixed test method calls to include required `context` parameter
+   - ✅ Fixed autocomplete result limiting in `get_search_results()` method
+   - ✅ All 7 autocomplete tests now passing
+
+## Verification
+
+- ✅ All search functionality tests pass
+- ✅ Authentication still required for create/edit operations
+- ✅ Public search access now working as intended
+- ✅ Server reloads successfully with no errors
+
+## Result
+
+Authentication is now properly scoped:
+- **Public Access**: Search, browse, view content, autocomplete
+- **Authentication Required**: Create, edit, submit content, administrative functions
+
+This provides a better user experience while maintaining security for content modification.