return permission denied when anonymous user tries to use REST
diff --git a/planetstack/apigen/api.template.py b/planetstack/apigen/api.template.py
index 1f2c3a5..021c01d 100644
--- a/planetstack/apigen/api.template.py
+++ b/planetstack/apigen/api.template.py
@@ -9,6 +9,7 @@
from django.forms import widgets
from rest_framework import filters
from django.conf.urls import patterns, url
+from django.core.exceptions import PermissionDenied
if hasattr(serializers, "ReadOnlyField"):
# rest_framework 3.x
@@ -226,6 +227,8 @@
return self.serializer_class
def get_queryset(self):
+ if (not self.request.user.is_authenticated()):
+ raise PermissionDenied("You must be authenticated in order to use this API")
return {{ object.camel }}.select_by_user(self.request.user)
def create(self, request, *args, **kwargs):
@@ -264,6 +267,8 @@
return self.serializer_class
def get_queryset(self):
+ if (not self.request.user.is_authenticated()):
+ raise PermissionDenied("You must be authenticated in order to use this API")
return {{ object.camel }}.select_by_user(self.request.user)
# update() is handled by PlanetStackRetrieveUpdateDestroyAPIView