Only render the Template API view for authenticated users. Thanks rgarcia for the report.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>

mayan/apps/common/api_views.py

@@ -3,6 +3,7 @@ from __future__ import unicode_literals
 from django.contrib.contenttypes.models import ContentType
 
 from rest_framework import generics
+from rest_framework.permissions import IsAuthenticated
 
 from .classes import Template
 from .serializers import ContentTypeSerializer, TemplateSerializer
@@ -22,6 +23,7 @@ class APITemplateView(generics.RetrieveAPIView):
     get: Retrieve the details of the partial template.
     """
     serializer_class = TemplateSerializer
+    permission_classes = (IsAuthenticated,)
 
     def get_object(self):
         return Template.get(self.kwargs['name']).render(request=self.request)