From 82ad4790370bfef9f29c3f43370b9d82bfdf1907 Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <jstretch@digitalocean.com>
Date: Mon, 18 Jul 2016 15:28:36 -0400
Subject: [PATCH] Enforce authentication for all secrets API views

---
 netbox/secrets/api/views.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/netbox/secrets/api/views.py b/netbox/secrets/api/views.py
index 629a28300..672165da3 100644
--- a/netbox/secrets/api/views.py
+++ b/netbox/secrets/api/views.py
@@ -28,6 +28,7 @@ class SecretRoleListView(generics.ListAPIView):
     """
     queryset = SecretRole.objects.all()
     serializer_class = serializers.SecretRoleSerializer
+    permission_classes = [IsAuthenticated]
 
 
 class SecretRoleDetailView(generics.RetrieveAPIView):
@@ -36,6 +37,7 @@ class SecretRoleDetailView(generics.RetrieveAPIView):
     """
     queryset = SecretRole.objects.all()
     serializer_class = serializers.SecretRoleSerializer
+    permission_classes = [IsAuthenticated]
 
 
 class SecretListView(generics.GenericAPIView):
@@ -47,6 +49,7 @@ class SecretListView(generics.GenericAPIView):
     serializer_class = serializers.SecretSerializer
     filter_class = SecretFilter
     renderer_classes = [FormlessBrowsableAPIRenderer, JSONRenderer, FreeRADIUSClientsRenderer]
+    permission_classes = [IsAuthenticated]
 
     def get(self, request, private_key=None):
         queryset = self.filter_queryset(self.get_queryset())
@@ -91,6 +94,7 @@ class SecretDetailView(generics.GenericAPIView):
         .prefetch_related('role__users', 'role__groups')
     serializer_class = serializers.SecretSerializer
     renderer_classes = [FormlessBrowsableAPIRenderer, JSONRenderer, FreeRADIUSClientsRenderer]
+    permission_classes = [IsAuthenticated]
 
     def get(self, request, pk, private_key=None):
         secret = get_object_or_404(Secret, pk=pk)