From db936bf75a00d75a092999aa87c7f6adaafdf416 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Thu, 9 Sep 2021 17:52:52 +0200
Subject: [PATCH] Avoid anonymous users to access to the WEI registration form

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 apps/wei/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/wei/views.py b/apps/wei/views.py
index 348ac751..35a05aaf 100644
--- a/apps/wei/views.py
+++ b/apps/wei/views.py
@@ -511,7 +511,8 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
         if today >= wei.date_start or today < wei.membership_start:
             return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
         # Don't register twice
-        if 'myself' in self.request.path and WEIRegistration.objects.filter(wei=wei, user=self.request.user).exists():
+        if 'myself' in self.request.path and not self.request.user.is_anonymous \
+                and WEIRegistration.objects.filter(wei=wei, user=self.request.user).exists():
             obj = WEIRegistration.objects.get(wei=wei, user=self.request.user)
             return redirect(reverse_lazy('wei:wei_update_registration', args=(obj.pk,)))
         return super().dispatch(request, *args, **kwargs)
@@ -590,7 +591,8 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
         if today >= wei.date_start or today < wei.membership_start:
             return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
         # Don't register twice
-        if 'myself' in self.request.path and WEIRegistration.objects.filter(wei=wei, user=self.request.user).exists():
+        if 'myself' in self.request.path and not self.request.user.is_anonymous \
+                and WEIRegistration.objects.filter(wei=wei, user=self.request.user).exists():
             obj = WEIRegistration.objects.get(wei=wei, user=self.request.user)
             return redirect(reverse_lazy('wei:wei_update_registration', args=(obj.pk,)))
         return super().dispatch(request, *args, **kwargs)