From 1e2286e9273763092ef2c918c18809c627341a0e Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Wed, 14 Apr 2010 13:14:53 +0100
Subject: [PATCH] Further login validation, returned error on anonymous logout

---
 api/handlers.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/handlers.py b/api/handlers.py
index 18abf28..5266ecd 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -68,7 +68,7 @@ class LogoutHandler(BaseHandler):
 
     def read(self, request):
         if request.user and not request.user.is_authenticated():
-            return {'auth': 'notrequired', }
+            return rc.FORBIDDEN
 
         logout(request)
         return { 'auth': 'logout', }
@@ -77,7 +77,7 @@ class AccessHandler(BaseHandler):
     allowed_methods = ('GET')
 
     def read(self, request):
-        if not request.user:
+        if not request.user and not request.user.is_authenticated():
             return rc.FORBIDDEN
 
         if not 'serviceid' in request.GET: