Server error when anonymous user access expenses #2015
Description
Describe the bug
When an anonymous user access different economy views, the server throws internal server error.
Internal Server Error: /bornhack-2026/economy/reimbursements/create/
Traceback (most recent call last):
File "/home/csh/dev/bornhack/bornhack-website/.venv/lib/python3.14/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
File "/home/csh/dev/bornhack/bornhack-website/.venv/lib/python3.14/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/csh/dev/bornhack/bornhack-website/.venv/lib/python3.14/site-packages/django/views/generic/base.py", line 105, in view
return self.dispatch(request, *args, **kwargs)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/csh/dev/bornhack/bornhack-website/src/economy/views.py", line 418, in dispatch
self.expenses = request.user.expenses.filter(
^^^^^^^^^^^^^^^^^^^^^
File "/home/csh/dev/bornhack/bornhack-website/.venv/lib/python3.14/site-packages/django/utils/functional.py", line 253, in inner
return func(_wrapped, *args)
File "/home/csh/dev/bornhack/bornhack-website/.venv/lib/python3.14/site-packages/django/utils/functional.py", line 253, in inner
return func(_wrapped, *args)
AttributeError: 'AnonymousUser' object has no attribute 'expenses'
[23/Jan/2026 10:17:54] "GET /bornhack-2026/economy/reimbursements/create/ HTTP/1.1" 500 17211
Proposed fix
Implement LoginRequiredMixin for handling redirects of users. (for this to work, current views overriding dispatch needs a refactor)
Bonus points
The ExpensePermissionMixin returns a Http404 when missing object, missing authentication or missing permissions. It could implement LoginRequiredMixin directly as authentication is needed before checking permissions of a user.