Public experiment / access control
joewandy opened this issue · comments
Joe Wandy commented
Right now anybody could access any experiment (in read only mode) by just typing the URL to the analysis.
We should add a flag to prevent this, unless the experiment is made public by the user.
For access control:
- Database change
- Add decorator to views
Joe Wandy commented
Done in commit f72cd72 and d1fbbad.
- Added a database flag
public
in the Analysis model. Ifpublic
is True, then the analysis can be accessed directly through the URL (the default value is False). - Added a screen in the Settings to toggle an analysis to be public or private
- Added the following checks in views. Not a decorator but this will do for now.
- If user has not logged in, then they can only view public analyses
- If user has logged in, then they can only view analyses that they created or are shared with.