From 09a4ccd62e00e8504f08078ce3c11d1f8fae44a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Tue, 15 Sep 2020 01:38:20 +0200
Subject: [PATCH] fix: require login when marking a whole tree as legitimate

---
 website/web/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/website/web/__init__.py b/website/web/__init__.py
index c0df15a..5ec390a 100644
--- a/website/web/__init__.py
+++ b/website/web/__init__.py
@@ -502,6 +502,7 @@ def body_hash_details(body_hash: str):
 
 
 @app.route('/tree/<string:tree_uuid>/mark_as_legitimate', methods=['POST'])
+@auth.login_required
 def mark_as_legitimate(tree_uuid: str):
     if request.data:
         legitimate_entries = request.get_json(force=True)