From 6ea76010f57b3354b5631dfd1d8187f1c575c783 Mon Sep 17 00:00:00 2001
From: Chandra Y
Date: Thu, 27 Feb 2025 14:15:49 -0600
Subject: [PATCH] Registration for user with no apcd groups (#435)
---
 apcd_cms/src/apps/base/base.py | 16 ++++++++++++++++
 apcd_cms/src/apps/registrations/views.py | 8 +++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/apcd_cms/src/apps/base/base.py b/apcd_cms/src/apps/base/base.py
index 717d9e5e..dbe734c1 100644
--- a/apcd_cms/src/apps/base/base.py
+++ b/apcd_cms/src/apps/base/base.py
@@ -19,6 +19,14 @@ def dispatch(self, request, *args, **kwargs):
 status=500)
+class AuthenticatedUserTemplateMixin:
+ """ API Mixin to restrict access to authenticated users only. """
+
+ def dispatch(self, request, *args, **kwargs):
+ if not request.user.is_authenticated:
+ return HttpResponseRedirect('/')
+ return super().dispatch(request, *args, **kwargs)
+
 class APCDAdminAccessTemplateMixin:
 """ API Mixin to restrict access to authenticated APCD admins only. """
@@ -46,6 +54,14 @@ def dispatch(self, request, *args, **kwargs):
 return super().dispatch(request, *args, **kwargs)
+class AuthenticatedUserAPIMixin:
+ """ API Mixin to restrict access to authenticated users."""
+
+ def dispatch(self, request, *args, **kwargs):
+ if not request.user.is_authenticated:
+ return JsonResponse({'error': 'Unauthorized'}, status=403)
+ return super().dispatch(request, *args, **kwargs)
+
 class APCDAdminAccessAPIMixin:
 """ API Mixin to restrict access to authenticated APCD admins only. """
diff --git a/apcd_cms/src/apps/registrations/views.py b/apcd_cms/src/apps/registrations/views.py
index 4fcc07a3..fa88e132 100644
--- a/apcd_cms/src/apps/registrations/views.py
+++ b/apcd_cms/src/apps/registrations/views.py
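Review bot: The docstring on `AuthenticatedUserTemplateMixin` calls it an "API Mixin", but this class guards template views and answers with a redirect, which makes it easy to confuse with `AuthenticatedUserAPIMixin`; I would write `""" Template Mixin to restrict access to authenticated users only; performs no APCD group check. """`. The redirect target `'/'` is hard-coded and discards the page that was requested, so an anonymous visitor to the registration form is sent to the home page with no route back after logging in. If the project has a login URL (Django's `settings.LOGIN_URL` is the usual place, though the login flow is not visible here), redirecting there with a `next` parameter would be the more conventional behaviour. A one-line comment that the mixin has to come before the view class in the bases, so that its `dispatch` runs first, would also help the next reader.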
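Review bot: `AuthenticatedUserAPIMixin.dispatch` answers an anonymous request with status 403 and the body `Unauthorized`, which mixes two meanings: 401 is "not authenticated" and 403 is "authenticated but not allowed". Clients and any log-based alerting then cannot tell a missing session from a real permission denial. If the neighbouring API mixins (their bodies are outside this hunk) also return 403 for anonymous users, keep it for consistency and say so in a comment; otherwise `return JsonResponse({'error': 'Unauthorized'}, status=401)`. The docstring should also state that this mixin checks authentication only and does no APCD group check, since that is the security-relevant difference from the classes around it.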
@@ -6,7 +6,7 @@
 from django.conf import settings
 from django.http import JsonResponse
 from django.views.generic import TemplateView
-from apps.base.base import BaseAPIView, APCDGroupAccessTemplateMixin, APCDGroupAccessAPIMixin
+from apps.base.base import BaseAPIView, AuthenticatedUserTemplateMixin, AuthenticatedUserAPIMixin
 from requests.auth import HTTPBasicAuth
 import logging
 import rt
@@ -20,11 +20,11 @@
 RT_QUEUE = getattr(settings, 'RT_QUEUE', '')
-class RegistrationFormTemplate(APCDGroupAccessTemplateMixin, TemplateView):
+class RegistrationFormTemplate(AuthenticatedUserTemplateMixin, TemplateView):
 template_name = 'registration_form.html'
-class RegistrationFormApi(APCDGroupAccessAPIMixin, BaseAPIView):
+class RegistrationFormApi(AuthenticatedUserAPIMixin, BaseAPIView):
 def get(self, request):
 formatted_reg_data = []
@@ -44,6 +44,8 @@ def get(self, request):
 if (request.user.is_authenticated and has_apcd_group(request.user)):
 context = {'registration_data': formatted_reg_data, 'renew': renew}
 return JsonResponse({'response': context})
+ else:
+ return JsonResponse({'error': 'Unauthorized'}, status=403)
 def post(self, request):
 form = json.loads(request.body)
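Review bot: Replacing `APCDGroupAccessAPIMixin` with `AuthenticatedUserAPIMixin` on `RegistrationFormApi` removes the group check from every method of the class, not only from the form page. `get` puts the check back in its body (last hunk), but no equivalent is visible for `post`, so any logged-in account can now submit. That looks like the intent of the commit, but `post` continues outside this hunk and should be re-read for anything that assumed the caller was already a group member; the `renew` value in `get` suggests existing registrations can be referenced, which is inferred rather than shown. A class-level comment would make the new authorization split explicit, for example `# post: open to any authenticated user; get: registration data is returned to APCD group members only`.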
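Review bot: The group check in `get` sits at the end of the method, after `formatted_reg_data` has been built, so a user without an APCD group now runs whatever lookup precedes it before receiving the 403; with the old mixin that request was rejected in `dispatch`. I would turn it into a guard at the top of `get`: `if not has_apcd_group(request.user): return JsonResponse({'error': 'Unauthorized'}, status=403)`. The `request.user.is_authenticated` half of the condition is now redundant, because `AuthenticatedUserAPIMixin` already guarantees it. It is also worth confirming that the form page, which is now open to users without a group, does not call this GET on load and fail on the 403. The middle of `get` lies outside the hunk, so the above is inferred from the context lines.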