From fe2ac3d97d1ec6fa11d351714e1e3c36f8b5d8f1 Mon Sep 17 00:00:00 2001
From: mpeltriaux <Michel_Peltriaux@web.de>
Date: Tue, 21 Oct 2025 19:37:34 +0200
Subject: [PATCH] # Test update

* fixes bug for sharing via token where permission was too tight
---
 konova/tests/test_views.py | 2 +-
 konova/views/share.py      | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/konova/tests/test_views.py b/konova/tests/test_views.py
index 4977bfee..4d95fbd3 100644
--- a/konova/tests/test_views.py
+++ b/konova/tests/test_views.py
@@ -543,7 +543,7 @@ class BaseViewTestCase(BaseTestCase):
         for url, redirect_to in urls.items():
             response = client.get(url, follow=True)
             # Expect redirects to the landing page
-            self.assertEqual(response.redirect_chain[0], (redirect_to, 302), msg=f"Failed for {url}")
+            self.assertEqual(response.redirect_chain[0], (redirect_to, 302), msg=f"Failed for {url}. Expected {redirect_to}")
 
     def assert_url_fail(self, client: Client, urls: list):
         """ Assert for all given urls a direct 302 response
diff --git a/konova/views/share.py b/konova/views/share.py
index 4d894338..482e62f7 100644
--- a/konova/views/share.py
+++ b/konova/views/share.py
@@ -61,7 +61,8 @@ class AbstractShareByTokenView(LoginRequiredMixin, BaseView):
             return redirect("home")
 
     def _user_has_permission(self, user):
-        return user.is_default_user()
+        # No permissions are needed to get shared access via token
+        return True
 
     def _user_has_shared_access(self, user, **kwargs):
         # The user does not need to have shared access to call the endpoint which gives them shared access