mirror of https://github.com/pacnpal/thrillwiki_django_no_react.git synced 2025-12-20 15:51:08 -05:00

Files

pacnpal d504d41de2 feat: complete monorepo structure with frontend and shared resources

- Add complete backend/ directory with full Django application
- Add frontend/ directory with Vite + TypeScript setup ready for Next.js
- Add comprehensive shared/ directory with:
  - Complete documentation and memory-bank archives
  - Media files and avatars (letters, park/ride images)
  - Deployment scripts and automation tools
  - Shared types and utilities
- Add architecture/ directory with migration guides
- Configure pnpm workspace for monorepo development
- Update .gitignore to exclude .django_tailwind_cli/ build artifacts
- Preserve all historical documentation in shared/docs/memory-bank/
- Set up proper structure for full-stack development with shared resources

2025-08-23 18:40:07 -04:00

3.2 KiB

Raw Blame History

Authentication Requirements Fix - 2025-06-25

Problem Identified

User reported that authentication is required for functionality that shouldn't need it. The issue is that search and read-only operations are requiring authentication when they should be publicly accessible.

Root Cause Analysis

Issues Found:

RideSearchView (rides/views.py:437)
- Has LoginRequiredMixin which blocks unauthenticated users from searching rides
- Search functionality should be publicly accessible
Search Helper Functions (rides/views.py:318-374)
- search_manufacturers() - has @login_required decorator
- search_designers() - has @login_required decorator
- search_ride_models() - has @login_required decorator
- These are used for autocomplete/search functionality, should be public
Settings Configuration
- AUTOCOMPLETE_BLOCK_UNAUTHENTICATED = False is already set correctly
- The issue is not with the BaseAutocomplete class but with view-level authentication

Authentication Philosophy

Should Require Authentication:

Creating new rides, parks, manufacturers, designers
Editing existing content
Submitting photos or reviews
Administrative functions

Should NOT Require Authentication:

Searching/browsing rides and parks
Viewing ride details
Using autocomplete for search
Reading public content

Solution Plan

Remove LoginRequiredMixin from RideSearchView
Remove @login_required decorators from search helper functions
Ensure create/edit views still require authentication (they do)
Update tests to reflect new public access
Document the authentication boundaries clearly

Implementation Notes

The RideCreateView and RideUpdateView correctly use LoginRequiredMixin
The BaseAutocomplete class already supports public access via settings
Search functionality should be fast and accessible to encourage engagement

Changes Made

RideSearchView (rides/views.py:437)
- ✅ Removed LoginRequiredMixin from class definition
- Now allows unauthenticated users to search rides
Search Helper Functions (rides/views.py:318-374)
- ✅ Removed @login_required decorator from search_manufacturers()
- ✅ Removed @login_required decorator from search_designers()
- ✅ Removed @login_required decorator from search_ride_models()
- These functions now support public autocomplete functionality
Import Cleanup
- ✅ Removed unused login_required import from rides/views.py
Test Fixes
- ✅ Fixed test method calls to include required context parameter
- ✅ Fixed autocomplete result limiting in get_search_results() method
- ✅ All 7 autocomplete tests now passing

Verification

✅ All search functionality tests pass
✅ Authentication still required for create/edit operations
✅ Public search access now working as intended
✅ Server reloads successfully with no errors

Result

Authentication is now properly scoped:

Public Access: Search, browse, view content, autocomplete
Authentication Required: Create, edit, submit content, administrative functions

This provides a better user experience while maintaining security for content modification.

3.2 KiB Raw Blame History