We're updating the issue view to help you get more done. 

Require authentication for all REST services

Description

Most of the REST service calls are not currently enforcing authentication. All REST calls should require at least the "authenticated" privilege or they should return a 403 status. As new privileges are added for various other areas, the REST call protection can be increased.

Environment

None

Status

Assignee

DerekA

Reporter

DerekA

Labels

None

Components

Fix versions

Priority

Major