allow read only pages to be requested without authorization

2025-08-28 12:29:55 +00:00 · 2021-09-05 06:09:43 +03:00
parent e0607ba609
commit b0575ee4ba
7 changed files with 27 additions and 11 deletions
--- a/src/ahriman/web/middlewares/auth_handler.py
+++ b/src/ahriman/web/middlewares/auth_handler.py
@ -80,7 +80,7 @@ def auth_handler(validator: Auth) -> MiddlewareType:
        else:
            permission = UserAccess.Write

-        if not validator.is_safe_request(request.path):
+        if not validator.is_safe_request(request.path, permission):
            await aiohttp_security.check_permission(request, permission, request.path)

        return await handler(request)
--- a/src/ahriman/web/views/index.py
+++ b/src/ahriman/web/views/index.py
@ -85,7 +85,7 @@ class IndexView(BaseView):

        # auth block
        auth_username = await authorized_userid(self.request)
-        authorized = not self.validator.enabled or auth_username is not None
+        authorized = not self.validator.enabled or self.validator.allow_read_only or auth_username is not None

        return {
            "architecture": self.service.architecture,