From 8dbb1e34735fc3f74c1c9f3a5574122d695a9be4 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Wed, 19 Jun 2019 12:10:09 -0500
Subject: [PATCH] Add "switch-based" public access decorator

When applied, this makes a view publicly available *if* the
settings.UNAUTHENTICATED_ACCESS switch is True; otherwise you
must be authenticated. This will be useful to propagate to
most other views to make this settings switch globally effective
at some point.
---
 config/settings/base.py        |  2 +-
 gracedb/ligoauth/decorators.py | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/config/settings/base.py b/config/settings/base.py
index f22058f39..c75575e1e 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -27,7 +27,7 @@ PROJECT_VERSION = '2.5.1'
 # Unauthenticated access ------------------------------------------------------
 # This variable should eventually control whether unauthenticated access is
 # allowed *ANYWHERE* on this service, except the home page, which is always
-# public. For now, it just controls the API.
+# public. For now, it just controls the API and the public alerts page.
 UNAUTHENTICATED_ACCESS = True
 
 # Miscellaneous settings ------------------------------------------------------
diff --git a/gracedb/ligoauth/decorators.py b/gracedb/ligoauth/decorators.py
index bd6fe23cf..71c3e40d5 100644
--- a/gracedb/ligoauth/decorators.py
+++ b/gracedb/ligoauth/decorators.py
@@ -1,9 +1,11 @@
+import logging
+
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.decorators import user_passes_test
 from django.core.exceptions import PermissionDenied
-import logging
 
+# Set up logger
 logger = logging.getLogger(__name__)
 
 
@@ -48,3 +50,17 @@ def lvem_observers_only(function=None, login_url=None, superuser_allowed=False,
     if function:
         return actual_decorator(function)
     return actual_decorator
+
+
+def public_if_public_access_allowed(function=None, login_url=None,
+    raise_exception=False):
+
+    # Either unauthenticated access is allowed or if not,
+    # the user is authenticated
+    test_func = lambda u: \
+        settings.UNAUTHENTICATED_ACCESS or u.is_authenticated
+    actual_decorator = user_passes_test(test_func, login_url=login_url)
+
+    if function:
+        return actual_decorator(function)
+    return actual_decorator
-- 
GitLab