Add a user info scope and thread it through the code. Protect the org modification API.

endpoints/api/logs.py

@@ -4,7 +4,7 @@ from datetime import datetime, timedelta
 
 from endpoints.api import (resource, nickname, ApiResource, query_param, parse_args,
                            RepositoryParamResource, require_repo_admin, related_user_resource,
-                           format_date, Unauthorized, NotFound)
+                           format_date, Unauthorized, NotFound, require_user_admin)
 from auth.permissions import AdministerOrganizationPermission, AdministerOrganizationPermission
 from auth.auth_context import get_authenticated_user
 from data import model
@@ -84,6 +84,7 @@ class RepositoryLogs(RepositoryParamResource):
 @resource('/v1/user/logs')
 class UserLogs(ApiResource):
   """ Resource for fetching logs for the current user. """
+  @require_user_admin
   @nickname('listUserLogs')
   @parse_args
   @query_param('starttime', 'Earliest time from which to get logs. (%m/%d/%Y %Z)', type=str)
@@ -96,9 +97,6 @@ class UserLogs(ApiResource):
     end_time = args['endtime']
 
     user = get_authenticated_user()
-    if not user:
-      raise Unauthorized()
-
     return get_logs(user.username, start_time, end_time, performer_name=performer_name)