From aab0df431b3294c3b0d8cbe0d413d5a16b782cd7 Mon Sep 17 00:00:00 2001 From: Jim Narey Date: Fri, 8 Mar 2024 09:24:18 +0000 Subject: [PATCH] Re-enable access to Django admin site The middleware to prevent people starting the user journey part way through was a bit strict. This adds an exception to the redirect condition for the admin site. We use startswith rather than the literal path because attempting to access "/admin" immediately redirects to "/admin/login...". --- request_a_govuk_domain/request/middleware.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/request_a_govuk_domain/request/middleware.py b/request_a_govuk_domain/request/middleware.py index 80184b29..ab4770f0 100644 --- a/request_a_govuk_domain/request/middleware.py +++ b/request_a_govuk_domain/request/middleware.py @@ -8,9 +8,18 @@ def __init__(self, get_response): def __call__(self, request): response = self.get_response(request) - if request.path != reverse("start") and not self.is_valid_progress(request): - return redirect("start") # Redirect to start page if progress is invalid - return response + if self.is_valid_start_path(request.path): + return response + if self.is_valid_progress(request): + return response + return redirect("start") # Redirect to start page if progress is invalid + + def is_valid_start_path(self, path: str): + if path == reverse("start"): + return True + if path.startswith("/admin"): + return True + return False def is_valid_progress(self, request): if request.session.get("registration_data") is None: