return permission denied when anonymous user tries to use REST
diff --git a/planetstack/core/xoslib/methods/sliceplus.py b/planetstack/core/xoslib/methods/sliceplus.py
index 0a8852a..c71b57d 100644
--- a/planetstack/core/xoslib/methods/sliceplus.py
+++ b/planetstack/core/xoslib/methods/sliceplus.py
@@ -7,6 +7,7 @@
from django.forms import widgets
from core.xoslib.objects.sliceplus import SlicePlus
from plus import PlusSerializerMixin, PlusRetrieveUpdateDestroyAPIView, PlusListCreateAPIView
+from django.core.exceptions import PermissionDenied
if hasattr(serializers, "ReadOnlyField"):
# rest_framework 3.x
@@ -79,6 +80,9 @@
def get_queryset(self):
current_user_can_see = self.request.QUERY_PARAMS.get('current_user_can_see', False)
+ if (not self.request.user.is_authenticated()):
+ raise PermissionDenied("You must be authenticated in order to use this API")
+
slices = SlicePlus.select_by_user(self.request.user)
# If current_user_can_see is set, then filter the queryset to return
@@ -102,6 +106,8 @@
method_name = "slicesplus"
def get_queryset(self):
+ if (not self.request.user.is_authenticated()):
+ raise PermissionDenied("You must be authenticated in order to use this API")
return SlicePlus.select_by_user(self.request.user)
def update(self, request, *args, **kwargs):