update docs

jchate6 · jchate6 · commit 972082f629a5 · 2026-03-11T17:18:15.000-07:00
diff --git a/docs/common/customsettings.rst b/docs/common/customsettings.rst
@@ -165,8 +165,8 @@ details and available hooks.
 Default: []
 
 With an `AUTH_STRATEGY <#auth-strategy>`__ value of **LOCKED**, urls in
-this list will remain visible to unauthenticated users. You might add
-the homepage (‘/’), for example.
+this list will remain visible to unauthenticated users. You can also use wild cards to open an entire path.
+You might add the homepage (‘/’), for example, or anything with a path that looks like '/accounts/reset/*/'.
 
 `TARGET_PERMISSIONS_ONLY <#target-permissions-only>`__
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/tom_base/settings.py b/tom_base/settings.py
@@ -310,7 +310,7 @@
 # Define custom DataProcessor class
 # DATA_PROCESSOR_CLASS = 'mytom.custom_data_processor.CustomDataProcessor'
 
-# Authentication strategy can either be LOCKED (required login for all views)
+# Authentication strategy can either be LOCKED (required login for all views, bypassed with OPEN_URLS)
 # or READ_ONLY (read only access to views)
 AUTH_STRATEGY = 'READ_ONLY'
 
@@ -330,8 +330,8 @@
     "name", "type", "observations", "saved_data"
 ]
 
-# URLs that should be allowed access even with AUTH_STRATEGY = LOCKED
-# for example: OPEN_URLS = ['/', '/about']
+# URLs that should be allowed access even with AUTH_STRATEGY = LOCKED. Can use wildcards.
+# for example: OPEN_URLS = ['/', '/about', '/accounts/reset/*/']
 OPEN_URLS = []
 
 HOOKS = {
diff --git a/tom_setup/templates/tom_setup/settings.tmpl b/tom_setup/templates/tom_setup/settings.tmpl
@@ -328,7 +328,7 @@ GENERAL_SEARCH_FUNCTIONS = {}
 # This list can be used to add custom target parameters to the output from the target selection tool
 SELECTION_EXTRA_FIELDS = []
 
-# Authentication strategy can either be LOCKED (required login for all views)
+# Authentication strategy can either be LOCKED (required login for all views, bypassed with OPEN_URLS)
 # or READ_ONLY (read only access to views)
 AUTH_STRATEGY = 'READ_ONLY'
 
@@ -348,8 +348,8 @@ TARGET_LIST_COLUMNS = [
     "name", "type", "observations", "saved_data"
 ]
 
-# URLs that should be allowed access even with AUTH_STRATEGY = LOCKED
-# for example: OPEN_URLS = ['/', '/about']
+# URLs that should be allowed access even with AUTH_STRATEGY = LOCKED. Can use wildcards.
+# for example: OPEN_URLS = ['/', '/about', '/accounts/reset/*/']
 OPEN_URLS = []
 
 HOOKS = {
