Make it possible to allow some pages to display publicly even when organization access is limited #6951

Merged
merged 11 commits into from
Dec 17, 2020

ahukkanen
@ahukkanen ahukkanen commented Nov 29, 2020

🎩 What? Why?

Currently if you have configured the Decidim organization to "Force users to authenticate before access organization", some relevant pages become inaccessible for unauthenticated users.

An example of this is the "Find out more about cookies" link in the cookie notification (see the screenshots section). If the user cannot find out more about the cookies, how can you expect them to accept what is written there?

This PR implements a new checkbox for the static pages which allows administrators to configure specific pages to be accessible even without authentication. This configuration option is automatically applied to the terms-and-conditions page where the link in the cookie notification points to.

We also got user feedback suggesting that it may be against GDPR that they cannot read the terms before accepting them.

Testing

  • Create a new Decidim instance with the default seed content
  • Go to the system administrator panel at /system and enable the "Force users to authenticate before access organization" configuration option for the organization
  • Log out from the system administrator panel
  • Go to the front page of the installation
  • Click the "Find out more about cookies" link in the cookie notification (clear cookies if you don't see it)
  • See that you cannot access the page where you should be able to "find out more about cookies".

📋 Checklist

  • CONSIDER adding a unit test if your PR resolves an issue.
  • ✔️ DO check open PR's to avoid duplicates.
  • ✔️ DO keep pull requests small so they can be easily reviewed.
  • ✔️ DO build locally before pushing.
  • ✔️ DO make sure tests pass.
  • ✔️ DO make sure any new changes are documented in docs/.
  • ✔️ DO add and modify seeds if necessary.
  • ✔️ DO add CHANGELOG upgrade notes if required.
  • ✔️ DO add to GraphQL API if there are new public fields.
  • ✔️ DO add link to MetaDecidim if it's a new feature.
  • AVOID breaking the continuous integration build.
  • AVOID making significant changes to the overall architecture.

📷 Screenshots

An inaccessible link in the cookie notification before signing in:
Cookie notification with a link

@tramuntanal tramuntanal self-assigned this Dec 17, 2020
@tramuntanal tramuntanal left a comment

Good catch @ahukkanen !

@tramuntanal tramuntanal merged commit c08a898 into decidim:develop Dec 17, 2020
@ahukkanen ahukkanen deleted the feature/public-static-pages branch December 17, 2020 08:29
@mrcasals mrcasals added type: feature PRs or issues that implement a new feature module: admin module: core module: system labels Feb 26, 2021
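
The access rule described in the PR text above, as an added example that is not code from this pull request or from Decidim: with forced authentication on, anonymous visitors can read only pages whose per-page flag is explicitly set, and everything else stays behind sign-in. The struct, field and function names (`force_authentication`, `allow_public_access`, `authorize_page`, `public_slugs`) and the sample pages are assumptions made for illustration.

```ruby
# Added illustration; names and sample data are hypothetical, not Decidim's code.
StaticPage = Struct.new(:slug, :allow_public_access, keyword_init: true)
Organization = Struct.new(:force_authentication, :pages, keyword_init: true) do
  # Exact slug match only: a prefix or pattern match would widen the exception.
  def page(slug)
    pages.find { |p| p.slug == slug }
  end
end

# Decide the outcome of a request for /pages/<slug>.
# Returns :ok, :sign_in or :not_found.
def authorize_page(org, slug, signed_in:)
  page = org.page(slug)
  if signed_in || !org.force_authentication
    return page ? :ok : :not_found
  end
  # Anonymous visitor on a restricted organization: default deny.
  # Only an explicit `true` opens a page; nil or false keep it closed.
  return :ok if page && page.allow_public_access == true
  # Unknown slugs get the same answer as restricted ones, so the response
  # does not reveal which pages exist.
  :sign_in
end

# Review helper: every page an anonymous visitor can read on a restricted org.
def public_slugs(org)
  return org.pages.map(&:slug) unless org.force_authentication
  org.pages.select { |p| p.allow_public_access == true }.map(&:slug)
end

# Constructed sample data: only the terms page carries the flag, mirroring
# the default the PR description mentions for terms-and-conditions.
PAGES = [
  StaticPage.new(slug: "terms-and-conditions", allow_public_access: true),
  StaticPage.new(slug: "faq", allow_public_access: false),
  StaticPage.new(slug: "internal-guidelines", allow_public_access: nil)
].freeze

RESTRICTED = Organization.new(force_authentication: true, pages: PAGES)
OPEN_ORG = Organization.new(force_authentication: false, pages: PAGES)

if __FILE__ == $PROGRAM_NAME
  %w[terms-and-conditions faq internal-guidelines missing].each do |slug|
    puts "#{slug}: #{authorize_page(RESTRICTED, slug, signed_in: false)}"
  end
  puts "publicly readable: #{public_slugs(RESTRICTED).inspect}"
end
```

Running `public_slugs` after any change to page settings gives administrators a quick list of what is exposed without authentication.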
3 participants