From 1b29e8998b09c770a498eccb5267fa4d2c52b908 Mon Sep 17 00:00:00 2001
From: makors
Date: Fri, 17 Oct 2025 15:22:25 -0400
Subject: [PATCH 1/2] fix(signage): update pages to work unauthenticated
---
 intranet/apps/eighth/models.py | 5 ++++-
 intranet/apps/eighth/serializers.py | 6 ++++--
 intranet/apps/signage/pages.py | 10 +++++++---
 intranet/apps/signage/views.py | 5 +++++
 intranet/static/css/signage.page.scss | 7 +++++++
 5 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/intranet/apps/eighth/models.py b/intranet/apps/eighth/models.py
index dbec7b3a1ec..1a0b067f5bb 100644
--- a/intranet/apps/eighth/models.py
+++ b/intranet/apps/eighth/models.py
@@ -433,7 +433,10 @@ def is_subscribable_for_user(self, user) -> bool:
 Returns:
 Whether the user can subscribe to the activity.
 """
- return user.is_eighth_admin or (
+ return (
+ user.is_authenticated
+ and user.is_eighth_admin
+ ) or (
 self.subscriptions_enabled
 and user.is_authenticated
 and (
diff --git a/intranet/apps/eighth/serializers.py b/intranet/apps/eighth/serializers.py
index 6f187581b57..e9200607d96 100644
--- a/intranet/apps/eighth/serializers.py
+++ b/intranet/apps/eighth/serializers.py
@@ -102,7 +102,8 @@ def process_scheduled_activity(
 available_restricted_acts=None,
 ):
 activity = scheduled_activity.activity
- if user:
+ # Check if user exists in database before accessing properties that require database relationships (bc of signage_user)
+ if user and user.pk and get_user_model().objects.filter(pk=user.pk).exists():
 is_non_student_admin = user.is_eighth_admin and not user.is_student
 else:
 is_non_student_admin = False
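Review bot: In `is_subscribable_for_user` (models.py), `user.is_authenticated` is now tested separately in both arms of the `or`, which makes the condition harder to audit than it needs to be. Testing it once up front, `return user.is_authenticated and (user.is_eighth_admin or (self.subscriptions_enabled and (...)))`, gives the same result and makes it obvious that an anonymous signage request can never subscribe. The docstring's `Returns:` section could also state that unauthenticated users always get `False`. The rest of the expression lies outside the hunk.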
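Review bot: In serializers.py, the new guard `get_user_model().objects.filter(pk=user.pk).exists()` in `process_scheduled_activity` issues a database query on every call, and if this method runs once per scheduled activity (the call site is outside the hunk) a signage block list gains one extra query per row. The same guard is repeated in `fetch_activity_list_with_metadata` in the next hunk; resolving it once there and passing the result down would avoid the repetition. It also only proves that some row has that primary key, not that `user` is that row, so if the signage placeholder user can carry a pk the test belongs on the instance itself, e.g. `user.is_authenticated and not user._state.adding`. Neither hunk adds an import for `get_user_model`, so confirm it is already imported in this module.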
@@ -206,7 +207,8 @@ def get_scheduled_activity(self, scheduled_activity_id):
 def fetch_activity_list_with_metadata(self, block):
 user = self.context.get("user", self.context["request"].user)
- if user:
+ # Check if user exists and is saved in the database before accessing relationships
+ if user and user.pk and get_user_model().objects.filter(pk=user.pk).exists():
 favorited_activities = set(user.favorited_activity_set.values_list("id", flat=True))
 recommended_activities = user.recommended_activities
 subscribed_activities = set(user.subscribed_activity_set.values_list("id", flat=True))
diff --git a/intranet/apps/signage/pages.py b/intranet/apps/signage/pages.py
index a35581ab2b0..ceb8c1db07e 100644
--- a/intranet/apps/signage/pages.py
+++ b/intranet/apps/signage/pages.py
@@ -6,14 +6,18 @@ from ..announcements.models import Announcement from ..schedule.models import Day - +from ...utils.html import nullify_links def hello_world(page, sign, request): return {"message": f"{page.name} from {sign.name} says Hello"} - def announcements(page, sign, request): # pylint: disable=unused-argument - return {"public_announcements": Announcement.objects.filter(groups__isnull=True, expiration_date__gt=timezone.now())} + announcement_list = Announcement.objects.filter(groups__isnull=True, expiration_date__gt=timezone.now()) + + for ann in announcement_list: + ann.content = nullify_links(ann.content) + + return {"public_announcements": announcement_list} def bus(page, sign, request): # pylint: disable=unused-argument
diff --git a/intranet/apps/signage/views.py b/intranet/apps/signage/views.py
index 21a6b297db8..6595fb78b2f 100644
--- a/intranet/apps/signage/views.py
+++ b/intranet/apps/signage/views.py
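Review bot: In `announcements` (pages.py), the link stripping only reaches the template because iterating `announcement_list` fills the queryset's result cache and that same queryset object is returned; any later `.filter()`, `.order_by()` or `.all()` on `public_announcements` re-queries and silently brings the original links back onto an unauthenticated sign. If the template only iterates the value, materialise it so the sanitised objects are what gets rendered: `announcement_list = list(Announcement.objects.filter(groups__isnull=True, expiration_date__gt=timezone.now()))`. A comment such as `# links are stripped in memory only; never save these instances` would also help, since `ann.content` is overwritten on live model instances.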
@@ -30,6 +30,11 @@ def check_internal_ip(request) -> HttpResponse | None: a 403 if the request is unauthorized or None if the request is authorized """ remote_addr = request.headers["x-real-ip"] if "x-real-ip" in request.headers else request.META.get("REMOTE_ADDR", "") + + # in development, allow all requests + if not settings.PRODUCTION: + return None + if (not request.user.is_authenticated or request.user.is_restricted) and remote_addr not in settings.TJ_IPS: return render(request, "error/403.html", {"reason": "You are not authorized to view this page."}, status=403)
diff --git a/intranet/static/css/signage.page.scss b/intranet/static/css/signage.page.scss
index 137642b1557..da4f3b99004 100644
--- a/intranet/static/css/signage.page.scss
+++ b/intranet/static/css/signage.page.scss
@@ -6,3 +6,10 @@ html, body {
 ::-webkit-scrollbar {
 display: none;
 }
+
+/* make links "invisible" */
+a:link, a:visited, a:hover, a:active, a:focus {
+ text-decoration: none;
+ color: inherit;
+ cursor: default;
+}
\ No newline at end of file
From 95284c2bdccba72e3016b2ee29d0e7c394ed1199 Mon Sep 17 00:00:00 2001
From: makors
Date: Fri, 17 Oct 2025 15:58:39 -0400
Subject: [PATCH 2/2] fix formatting
---
 config/docker/secret.py | 4 ++--
 intranet/apps/signage/pages.py | 2 --
 intranet/apps/signage/views.py | 1 -
 3 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/config/docker/secret.py b/config/docker/secret.py
index 30b21e2542a..2c18a5c0c89 100644
--- a/config/docker/secret.py
+++ b/config/docker/secret.py
@@ -9,7 +9,7 @@
 "default": {
 "BACKEND": "django_redis.cache.RedisCache",
 "LOCATION": "redis://redis:6379",
- "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient", "PICKLE_VERSION": 4 },
+ "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient", "PICKLE_VERSION": 4},
 "KEY_PREFIX": "ion",
 }
 }
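Review bot: The new `if not settings.PRODUCTION: return None` in `check_internal_ip` fails open: any deployment where `PRODUCTION` is unset or false (staging, a misconfigured host) serves signage pages with neither login nor the `TJ_IPS` check. Prefer keeping the check in force and adding the development addresses to `TJ_IPS` in the development settings, or at least log a warning whenever the bypass is taken. Separately, the comparison that follows trusts `x-real-ip`; now that signs load unauthenticated this allowlist is the only gate, so confirm the front proxy always overwrites that header. The function continues outside the hunk.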
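Review bot: The added `a:link, a:visited, …` rule in signage.page.scss only hides the link styling; the anchors still respond to clicks, taps and keyboard focus, so on a sign with any input device a link outside the announcement content (the only place `nullify_links` is applied in this patch) can still navigate the kiosk away from the signage page. Adding `pointer-events: none;` to the rule stops pointer activation, though keyboard activation would still need the `href` removed server-side. The file also now ends without a trailing newline.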
@@ -69,4 +69,4 @@
 ss1Vdd9PI3UDP+N/xNbT/ej05q5vzTH/6cCxKElf7UDLsdHfN5DbLTRIHVounfBI
 0JmEiAMwVCk6GIsTsve9YjxfqKHDS7Sz33KtrNSfeB1GFDIvkXhF/LP7SYw=
 -----END RSA PRIVATE KEY-----
-""" # Change this in production!!
\ No newline at end of file
+""" # Change this in production!!
diff --git a/intranet/apps/signage/pages.py b/intranet/apps/signage/pages.py
index ceb8c1db07e..d5b1bdbd7b4 100644
--- a/intranet/apps/signage/pages.py
+++ b/intranet/apps/signage/pages.py
@@ -16,10 +16,8 @@ def announcements(page, sign, request): # pylint: disable=unused-argument for ann in announcement_list: ann.content = nullify_links(ann.content) - return {"public_announcements": announcement_list} - def bus(page, sign, request): # pylint: disable=unused-argument now = timezone.localtime() time = "afternoon"
diff --git a/intranet/apps/signage/views.py b/intranet/apps/signage/views.py
index 6595fb78b2f..2da3583c99d 100644
--- a/intranet/apps/signage/views.py
+++ b/intranet/apps/signage/views.py
@@ -30,7 +30,6 @@ def check_internal_ip(request) -> HttpResponse | None: a 403 if the request is unauthorized or None if the request is authorized """ remote_addr = request.headers["x-real-ip"] if "x-real-ip" in request.headers else request.META.get("REMOTE_ADDR", "") - # in development, allow all requests if not settings.PRODUCTION: return None