konova/tests/test_views.py

@@ -543,7 +543,7 @@ class BaseViewTestCase(BaseTestCase):
         for url, redirect_to in urls.items():
             response = client.get(url, follow=True)
             # Expect redirects to the landing page
-            self.assertEqual(response.redirect_chain[0], (redirect_to, 302), msg=f"Failed for {url}")
+            self.assertEqual(response.redirect_chain[0], (redirect_to, 302), msg=f"Failed for {url}. Expected {redirect_to}")
 
     def assert_url_fail(self, client: Client, urls: list):
         """ Assert for all given urls a direct 302 response

konova/views/share.py

@@ -61,7 +61,8 @@ class AbstractShareByTokenView(LoginRequiredMixin, BaseView):
             return redirect("home")
 
     def _user_has_permission(self, user):
-        return user.is_default_user()
+        # No permissions are needed to get shared access via token
+        return True
 
     def _user_has_shared_access(self, user, **kwargs):
         # The user does not need to have shared access to call the endpoint which gives them shared access