From 9850879ea98f9b1dbf5f006f2a63cc04f1a8fb49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Fri, 30 Jan 2015 13:59:28 +0100
Subject: [PATCH] myspace: don't preemptively block access to myspace (#6385)

Most views were already doing their own checks, and some views needed to be
open to API users.
---
 extra/modules/myspace.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/extra/modules/myspace.py b/extra/modules/myspace.py
index d973487..e6284cd 100644
--- a/extra/modules/myspace.py
+++ b/extra/modules/myspace.py
@@ -430,8 +430,6 @@ class MyspaceDirectory(wcs.myspace.MyspaceDirectory):
     json = JsonDirectory()
 
     def _q_traverse(self, path):
-        if (path[0] not in ('new', 'json')) and (not get_request().user or get_request().user.anonymous):
-            raise errors.AccessUnauthorizedError()
         get_response().filter['bigdiv'] = 'profile'
         get_response().breadcrumb.append(('myspace/', _('My Space')))
 
@@ -697,6 +695,9 @@ class MyspaceDirectory(wcs.myspace.MyspaceDirectory):
         options = get_cfg('misc', {}).get('announce_themes')
         if not options:
             raise errors.TraversalError()
+        user = get_request().user
+        if not user or user.anonymous:
+            raise errors.AccessUnauthorizedError()
         subscription = AnnounceSubscription.get_on_index(get_request().user.id, str('user_id'))
         if not subscription:
             raise errors.TraversalError()
-- 
2.1.4