return permission denied when anonymous user tries to use REST

commit: 960431e044b0ba41841f48c132145645062bb5c9 [log] [tgz]
author: Scott Baker <smbaker@gmail.com> Mon Feb 02 10:41:12 2015 -0800
committer: Scott Baker <smbaker@gmail.com> Mon Feb 02 10:41:12 2015 -0800
tree: 0caa5a788d45f2614be2c8c9f989a40a4acde79b
parent: 7162106d6470976885dce6a7259383ce16fac909 [diff] [blame]
diff --git a/planetstack/apigen/api.template.py b/planetstack/apigen/api.template.py
index 1f2c3a5..021c01d 100644
--- a/planetstack/apigen/api.template.py
+++ b/planetstack/apigen/api.template.py

@@ -9,6 +9,7 @@
 from django.forms import widgets
 from rest_framework import filters
 from django.conf.urls import patterns, url
+from django.core.exceptions import PermissionDenied
 
 if hasattr(serializers, "ReadOnlyField"):
     # rest_framework 3.x
@@ -226,6 +227,8 @@
             return self.serializer_class
 
     def get_queryset(self):
+        if (not self.request.user.is_authenticated()):
+            raise PermissionDenied("You must be authenticated in order to use this API")
         return {{ object.camel }}.select_by_user(self.request.user)
 
     def create(self, request, *args, **kwargs):
@@ -264,6 +267,8 @@
             return self.serializer_class
 
     def get_queryset(self):
+        if (not self.request.user.is_authenticated()):
+            raise PermissionDenied("You must be authenticated in order to use this API")
         return {{ object.camel }}.select_by_user(self.request.user)
 
     # update() is handled by PlanetStackRetrieveUpdateDestroyAPIView
commit	960431e044b0ba41841f48c132145645062bb5c9	[log] [tgz]
author	Scott Baker <smbaker@gmail.com>	Mon Feb 02 10:41:12 2015 -0800
committer	Scott Baker <smbaker@gmail.com>	Mon Feb 02 10:41:12 2015 -0800
tree	0caa5a788d45f2614be2c8c9f989a40a4acde79b
parent	7162106d6470976885dce6a7259383ce16fac909 [diff] [blame]