7 files changed, 47 insertions, 18 deletions

diff --git a/config/middleware.py b/config/middleware.py
new file mode 100644
index 0000000..c3b7c46
--- /dev/null
+++ b/config/middleware.py
@@ -0,0 +1,27 @@
+"""
+whipped from https://www.youtube.com/watch?v=DbAzWll4UIA&list=PLw02n0FEB3E3VSHjyYMcFadtQORvl1Ssj&index=27
+"""
+import re
+
+from django.conf import settings
+from django.shortcuts import redirect
+
+EXEMPT_URLS = [re.compile(settings.LOGIN_URL.lstrip("/"))]
+if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
+    EXEMPT_URLS += [re.compile(url) for url in settings.LOGIN_EXEMPT_URLS]
+
+
+class LoginRequiredMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request, *args, **kwargs):
+        response = self.get_response(request)
+        return response
+
+    def process_view(self, request, view_func, view_args, view_kwargs):
+        assert hasattr(request, 'user')
+        path = request.path_info.lstrip("/")
+        if not request.user.is_authenticated:
+            if not any(url.match(path) for url in EXEMPT_URLS):
+                return redirect(settings.LOGIN_URL)
diff --git a/config/settings/gcloud_settings.py b/config/settings/gcloud_settings.py
index 3a8912f..a057db8 100644
--- a/config/settings/gcloud_settings.py
+++ b/config/settings/gcloud_settings.py
@@ -169,12 +169,17 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'config.middleware.LoginRequiredMiddleware'
 ]
 
 ROOT_URLCONF = 'config.urls'
 
 WSGI_APPLICATION = 'config.wsgi.application'
 
+LOGIN_EXEMPT_URLS = (
+    r"account/login",
+    r"account/logout"
+)
 
 # Database
 # https://docs.djangoproject.com/en/2.1/ref/settings/#databases
diff --git a/ctrack/caf/views.py b/ctrack/caf/views.py
index f748b49..a5d9953 100644
--- a/ctrack/caf/views.py
+++ b/ctrack/caf/views.py
@@ -11,13 +11,12 @@ from ctrack.caf.models import CAF, ApplicableSystem
 from ctrack.organisations.models import Organisation
 
 
-class ListCAF(LoginRequiredMixin, PermissionRequiredMixin, ListView):
+class ListCAF(PermissionRequiredMixin, ListView):
     model = CAF
     permission_required = "caf.view_caf"
 
 
 # Let's write a traditional function view!
-@login_required()
 @permission_required("caf.view_caf")
 def caf_detail_view(request, pk):
     caf = CAF.objects.get(pk=pk)
@@ -39,7 +38,7 @@ def caf_detail_view(request, pk):
     return render(request, "caf/caf_detail.html", context)
 
 
-class ListApplicableSystem(LoginRequiredMixin, PermissionRequiredMixin, ListView):
+class ListApplicableSystem(PermissionRequiredMixin, ListView):
     model = ApplicableSystem
     # apparently you can pass a list of model objects to a template if you name it
     # here - otherwise you need to provide a QuerySet
@@ -55,7 +54,7 @@ class ListApplicableSystem(LoginRequiredMixin, PermissionRequiredMixin, ListView
         return context
 
 
-class ApplicableSystemDetail(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
+class ApplicableSystemDetail(PermissionRequiredMixin, DetailView):
     model = ApplicableSystem
     template_name = "caf/applicablesystem_detail.html"
     permission_required = "caf.view_applicablesystem"
@@ -88,8 +87,7 @@ def applicable_system_create_from_caf(request, caf_id):
     )
 
 
-class ApplicableSystemCreateFromOrg(
-    LoginRequiredMixin, PermissionRequiredMixin, FormView
+class ApplicableSystemCreateFromOrg(PermissionRequiredMixin, FormView
 ):
     form_class = ApplicableSystemCreateFromOrgForm
     template_name = "caf/applicable_system_create_from_org.html"
diff --git a/ctrack/core/views.py b/ctrack/core/views.py
index d7efe34..a40f945 100644
--- a/ctrack/core/views.py
+++ b/ctrack/core/views.py
@@ -5,7 +5,6 @@ from ctrack.organisations.models import IncidentReport, Organisation
 from ctrack.register.models import EngagementEvent
 
 
-@login_required
 def home_page(request):
     if request.user.is_stakeholder:
         org = Organisation.objects.get(
diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index c56c106..adb3b81 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -25,7 +25,7 @@ def essential_service_detail(request, pk):
     return render(request, "organisations/essential_service_detail.html", context)
 
 
-class PersonListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
+class PersonListView(PermissionRequiredMixin, ListView):
     model = Person
     template_name = "organisations/person_list.html"
     permission_required = "organisations.view_person"
@@ -36,7 +36,7 @@ def person_detail(request, person_id):
     return render(request, "organisations/person_detail.html", {"person": p})
 
 
-class OrganisationCreate(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
+class OrganisationCreate(PermissionRequiredMixin, CreateView):
     model = Organisation
     template_name = "organisations/org_create_formset.html"
     form_class = OrganisationCreateForm
@@ -65,7 +65,7 @@ class OrganisationCreate(LoginRequiredMixin, PermissionRequiredMixin, CreateView
         return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug})
 
 
-class OrganisationListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
+class OrganisationListView(PermissionRequiredMixin, ListView):
     model = Organisation
     permission_required = "organisations.view_organisation"
 
@@ -75,7 +75,7 @@ class OrganisationListView(LoginRequiredMixin, PermissionRequiredMixin, ListView
         return context
 
 
-class OrganisationDetailView(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
+class OrganisationDetailView(PermissionRequiredMixin, DetailView):
     model = Organisation
     permission_required = "organisations.view_organisation"
 
@@ -109,7 +109,7 @@ class OrganisationDetailView(LoginRequiredMixin, PermissionRequiredMixin, Detail
         return context
 
 
-class IncidentReportCreateView(LoginRequiredMixin, FormView):
+class IncidentReportCreateView(FormView):
     model = IncidentReport
     form_class = IncidentReportForm
     template_name = "organisations/incidentreport_form.html"
diff --git a/ctrack/register/views.py b/ctrack/register/views.py
index 3363fcd..0ab71c3 100644
--- a/ctrack/register/views.py
+++ b/ctrack/register/views.py
@@ -17,7 +17,7 @@ class EngagementEventDelete(DeleteView):
         return reverse_lazy("organisations:detail", args=[self.kwargs["slug"]])
 
 
-class EngagementEventCreate(LoginRequiredMixin, FormView):
+class EngagementEventCreate(FormView):
     fields = "__all__"
     form_class = EngagementEventCreateForm
     template_name = "register/engagementevent_form.html"
@@ -45,7 +45,7 @@ class EngagementEventCreate(LoginRequiredMixin, FormView):
         return reverse_lazy("organisations:detail", args=[self.kwargs["slug"]])
 
 
-class EngagementEventCreateFromCaf(LoginRequiredMixin, FormView):
+class EngagementEventCreateFromCaf(FormView):
     fields = "__all__"
     form_class = EngagementEventCreateForm
     template_name = "snippets/event_form_base.html"
@@ -72,7 +72,7 @@ class EngagementEventCreateFromCaf(LoginRequiredMixin, FormView):
         return reverse_lazy("organisations:detail", args=[org_slug])
 
 
-class SingleDateTimeEventCreate(LoginRequiredMixin, FormView):
+class SingleDateTimeEventCreate(FormView):
     template_name = "single_datetime_event_create.html"
     form_class = CreateSimpleDateTimeEventForm
     success_url = reverse_lazy("organisations:list")
diff --git a/ctrack/users/views.py b/ctrack/users/views.py
index 8e504e4..883cfb5 100644
--- a/ctrack/users/views.py
+++ b/ctrack/users/views.py
@@ -8,7 +8,7 @@ from django.views.generic import DetailView, RedirectView, UpdateView
 User = get_user_model()
 
 
-class UserDetailView(LoginRequiredMixin, DetailView):
+class UserDetailView(DetailView):
 
     model = User
 
@@ -24,7 +24,7 @@ class UserDetailView(LoginRequiredMixin, DetailView):
 user_detail_view = UserDetailView.as_view()
 
 
-class UserUpdateView(LoginRequiredMixin, UpdateView):
+class UserUpdateView(UpdateView):
 
     model = User
     fields = ["name", "first_name", "last_name"]
@@ -45,7 +45,7 @@ class UserUpdateView(LoginRequiredMixin, UpdateView):
 user_update_view = UserUpdateView.as_view()
 
 
-class UserRedirectView(LoginRequiredMixin, RedirectView):
+class UserRedirectView(RedirectView):
 
     permanent = False