From 41f0aae142a41b48747e66ce51008965402877f4 Mon Sep 17 00:00:00 2001
From: astex <0astex@gmail.com>
Date: Mon, 25 Apr 2016 09:55:51 -0400
Subject: [PATCH 1/2] Require login for API operations.

---
 app/permissions/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/permissions/auth.py b/app/permissions/auth.py
index 9c66869..c6820df 100644
--- a/app/permissions/auth.py
+++ b/app/permissions/auth.py
@@ -63,4 +63,4 @@ class AuthNeed(Permission):
 auth_need = AuthNeed()
 
 
-standard_login_need = app_need #& auth_need
+standard_login_need = app_need & auth_need
-- 
GitLab


From 2cf2316967cd548b00c917806c4fbbe5d6464750 Mon Sep 17 00:00:00 2001
From: astex <0astex@gmail.com>
Date: Mon, 25 Apr 2016 10:39:47 -0400
Subject: [PATCH 2/2] Add auth requirement to the project post endpoint.

---
 app/views/project.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/views/project.py b/app/views/project.py
index bd6ebae..3f090c3 100644
--- a/app/views/project.py
+++ b/app/views/project.py
@@ -33,8 +33,8 @@ class ProjectView(UnprotectedRestView):
         need = app_need
         if form == 'salesforce':
             need &= RoleNeed('project_post_salesforce')
-        #else:
-        #    need &= auth_need
+        else:
+            need &= auth_need
 
         with need:
             return super(ProjectView, self).post()
-- 
GitLab