fix: skip login on /viewplan for MachAI iframe users#575
Merged
Conversation
Extract is_machai_user() into database_api/ so both frontend and worker share the same check. /viewplan now looks up the task's user_id: MachAI users (non-UUID, not in UserAccount) can view without login; regular users still require authentication and ownership. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Accept plan_id as the primary parameter, fall back to run_id for backwards compatibility. Update all internal links. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update render_template calls and all Jinja references in run_via_database.html and plan_iframe.html. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… downloads Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes pyright error: Flask type doesn't expose login_manager attribute. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
is_machai_user()intodatabase_api/is_machai_user.py— single source of truth for identifying MachAI iframe users, used by bothfrontend_multi_userandworker_plan_database/viewplanno longer requires@login_requiredunconditionally — checkstask.user_idfirst: MachAI users can view without login, regular users still require authentication and ownership_should_send_to_machai()in the worker now delegates to the sharedis_machai_user()Test plan
/viewplanwithout login prompt🤖 Generated with Claude Code