Safer redirects for access codes in notificaction emails
Email notifications for sharing pages / notifiying users (via right sidebar) were brought back in #161 (closed).
Notification emails contain an encoded link like https://we.riseup.net/code/FIEqlG6fr9 which redirects to the page like https://we.riseup.net/mygroupname/mypagename
This might leak sensitive information like the groupname or the pagename.
We only want to perform the redirect if the user has the right to see the content.
User is logged in
- redirect to page if user is allowed to see the content
User is not logged in
- redirect if page is public
- ask user to login and perform check afterwards
Edited by dgt