From fc2c2d0aa330ba103edbfd8a363c1967cec421f0 Mon Sep 17 00:00:00 2001
From: Alf Eaton <alf.eaton@overleaf.com>
Date: Mon, 28 Mar 2022 11:23:47 +0100
Subject: [PATCH] Merge pull request #7262 from
 overleaf/jpa-missing-required-login

[web] require a logged in user for (un-)archiving/(un-)trashing projects

GitOrigin-RevId: 90e6d1654065d759dce612bd6714e6e0018b19ff
---
 services/web/app/src/router.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/web/app/src/router.js b/services/web/app/src/router.js
index 181a9ac2e9..75c78cc0db 100644
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@@ -530,21 +530,25 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
 
   webRouter.post(
     '/Project/:Project_id/archive',
+    AuthenticationController.requireLogin(),
     AuthorizationMiddleware.ensureUserCanReadProject,
     ProjectController.archiveProject
   )
   webRouter.delete(
     '/Project/:Project_id/archive',
+    AuthenticationController.requireLogin(),
     AuthorizationMiddleware.ensureUserCanReadProject,
     ProjectController.unarchiveProject
   )
   webRouter.post(
     '/project/:project_id/trash',
+    AuthenticationController.requireLogin(),
     AuthorizationMiddleware.ensureUserCanReadProject,
     ProjectController.trashProject
   )
   webRouter.delete(
     '/project/:project_id/trash',
+    AuthenticationController.requireLogin(),
     AuthorizationMiddleware.ensureUserCanReadProject,
     ProjectController.untrashProject
   )