# HG changeset patch
# User domruf
# Date 2017-11-23 22:16:34
# Node ID dc7e37ec3dfd6db0c68105351dc763dbb261e521
# Parent 3dbb625d5f9c152bfec17f712c84f4a992956e6a
auth: users_and_groups_data should not be available for anonymous/default user
diff --git a/kallithea/controllers/home.py b/kallithea/controllers/home.py
--- a/kallithea/controllers/home.py
+++ b/kallithea/controllers/home.py
@@ -145,7 +145,7 @@ class HomeController(BaseController):
 }
 return data
- @LoginRequired(allow_default_user=True)
+ @LoginRequired()
 @jsonify
 def users_and_groups_data(self):
 """
diff --git a/kallithea/tests/functional/test_home.py b/kallithea/tests/functional/test_home.py
--- a/kallithea/tests/functional/test_home.py
+++ b/kallithea/tests/functional/test_home.py
@@ -66,10 +66,13 @@ class TestHomeController(TestController)
 Session().commit()
 def test_users_and_groups_data(self):
- self.log_user()
 fixture.create_user('evil', firstname=u'D\'o\'ct"o"r', lastname=u'Évíl')
 fixture.create_user_group(u'grrrr', user_group_description=u"Groüp")
 response = self.app.get(url('users_and_groups_data', query=u'evi'))
+ assert response.status_code == 302
+ assert url('login_home') in response.location
+ self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
+ response = self.app.get(url('users_and_groups_data', query=u'evi'))
 result = json.loads(response.body)['results']
 assert result[0].get('fname') == u'D\'o\'ct"o"r'
 assert result[0].get('lname') == u'Évíl'
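Review bot: The new `@LoginRequired()` line on `users_and_groups_data` carries no comment saying why the default user is excluded, so a later cleanup could restore `allow_default_user=True` without noticing the exposure. A one-line comment above the decorator, such as `# no allow_default_user: the result lists user and group names, which anonymous visitors must not be able to enumerate`, would record the intent. Because the action is also wrapped in `@jsonify`, unauthenticated callers now get a 302 to the login page rather than a JSON error (the accompanying test asserts exactly that), so the docstring should say that callers must treat a redirect as "not authenticated". The method body continues outside the hunk, so whether the results are additionally filtered by the caller's permissions cannot be checked from here.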
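Review bot: The anonymous half of `test_users_and_groups_data` only proves the fix if the test instance has anonymous access enabled; with the default user disabled, the two 302 assertions would presumably have passed under the old `allow_default_user=True` decorator as well. The fixture setup is outside the hunk, so this should be confirmed, and ideally the test would state that precondition explicitly. It would also read more clearly as two tests, one for the redirect and one for the logged-in result, so that a failure names the scenario that regressed. A short comment above the first request, e.g. `# anonymous request must be redirected to login, not served user data`, would document the security expectation.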