3 files changed, 11 insertions, 2 deletions

diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index d5d5d88b6..763733bd9 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -20,6 +20,7 @@
 from collections import OrderedDict
 import json
 
+from rest_framework import authentication, permissions
 from rest_framework.views import APIView
 from rest_framework.response import Response
 
@@ -1008,8 +1009,8 @@ class QAFindbasketDuplicateFormView(QAItemForm):
 
 
 class PublicFindAPI(APIView):
-    # authentication_classes = (authentication.TokenAuthentication,)
-    # permission_classes = (permissions.IsAdminUser,)
+    authentication_classes = (authentication.TokenAuthentication,)
+    permission_classes = (permissions.IsAuthenticated,)
 
     def get_queryset(self):
         empty = models.Find.objects.filter(pk=None)
diff --git a/example_project/settings.py b/example_project/settings.py
index 96feaa477..d7ecb4254 100644
--- a/example_project/settings.py
+++ b/example_project/settings.py
@@ -155,6 +155,7 @@ INSTALLED_APPS = [
     'ajax_select',
     'compressor',
     'rest_framework',
+    'rest_framework.authtoken',
     'django.contrib.auth',
     'django.contrib.admin',
     'django.contrib.contenttypes',
diff --git a/ishtar_common/admin.py b/ishtar_common/admin.py
index 75d223005..4449f7ba4 100644
--- a/ishtar_common/admin.py
+++ b/ishtar_common/admin.py
@@ -26,6 +26,9 @@ import tempfile
 import urllib
 import zipfile
 
+from rest_framework.authtoken.admin import TokenAdmin
+from rest_framework.authtoken.models import Token
+
 from ajax_select import make_ajax_form
 from ajax_select.fields import AutoCompleteSelectField, \
     AutoCompleteSelectMultipleField
@@ -200,6 +203,10 @@ def export_as_geojson_action(
     return export_as_geojson
 
 
+TokenAdmin.raw_id_fields = ('user',)
+admin_site.register(Token, TokenAdmin)
+
+
 class HistorizedObjectAdmin(admin.ModelAdmin):
     readonly_fields = ['history_creator', 'history_modifier', 'search_vector']