From 3d895fcd7b19bc349e6af1f8cc7271e49b7138eb Mon Sep 17 00:00:00 2001 From: Eric Holscher Date: Thu, 30 Jan 2020 11:00:34 -0800 Subject: [PATCH 1/3] Remove re-authing of users on downloads. This was causing an issue on .com. The `allowed_user` functionality works with logged in docs users, whereas the `public()` queryset method doesn't. --- readthedocs/projects/views/public.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/readthedocs/projects/views/public.py b/readthedocs/projects/views/public.py index fbf98fabc62..85ca0eddc08 100644 --- a/readthedocs/projects/views/public.py +++ b/readthedocs/projects/views/public.py @@ -313,11 +313,6 @@ def get( if not self.allowed_user(request, final_project, version_slug): return self.get_unauthed_response(request, final_project) - version = get_object_or_404( - final_project.versions.public(user=request.user), - slug=version_slug, - ) - else: # All the arguments come from the URL. version = get_object_or_404( From 38593bf66ecc2ccdc17d70c949ee416157900183 Mon Sep 17 00:00:00 2001 From: Eric Holscher Date: Thu, 30 Jan 2020 11:03:01 -0800 Subject: [PATCH 2/3] Keep version query --- readthedocs/projects/views/public.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/readthedocs/projects/views/public.py b/readthedocs/projects/views/public.py index 85ca0eddc08..ba4aaab86b3 100644 --- a/readthedocs/projects/views/public.py +++ b/readthedocs/projects/views/public.py @@ -313,6 +313,11 @@ def get( if not self.allowed_user(request, final_project, version_slug): return self.get_unauthed_response(request, final_project) + version = get_object_or_404( + final_project.versions, + slug=version_slug, + ) + else: # All the arguments come from the URL. version = get_object_or_404( From d8de7c0711a9ed2c22d0011d302baa7f01b00f53 Mon Sep 17 00:00:00 2001 From: Manuel Kaufmann Date: Thu, 30 Jan 2020 20:07:22 +0100 Subject: [PATCH 3/3] Comment about removing .public filtering --- readthedocs/projects/views/public.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/readthedocs/projects/views/public.py b/readthedocs/projects/views/public.py index ba4aaab86b3..aa994d12dcd 100644 --- a/readthedocs/projects/views/public.py +++ b/readthedocs/projects/views/public.py @@ -313,6 +313,8 @@ def get( if not self.allowed_user(request, final_project, version_slug): return self.get_unauthed_response(request, final_project) + # We don't use ``.public`` in this filter because the access + # permission was already granted by ``.allowed_user`` version = get_object_or_404( final_project.versions, slug=version_slug,