From 450ff7318f20686444f167ed4aaee8645fbe3268 Mon Sep 17 00:00:00 2001
From: catbref <misc-github@talk2dom.com>
Date: Wed, 4 Mar 2020 15:41:19 +0000
Subject: [PATCH] Slightly more restrictive API access

---
 src/main/java/org/qortal/api/resource/AdminResource.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/main/java/org/qortal/api/resource/AdminResource.java b/src/main/java/org/qortal/api/resource/AdminResource.java
index 974af3c9..abf1f37b 100644
--- a/src/main/java/org/qortal/api/resource/AdminResource.java
+++ b/src/main/java/org/qortal/api/resource/AdminResource.java
@@ -202,6 +202,8 @@ public class AdminResource {
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
 	public List<MintingAccountData> getMintingAccounts() {
+		Security.checkApiCallAllowed(request);
+
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			List<MintingAccountData> mintingAccounts = repository.getAccountRepository().getMintingAccounts();
 
@@ -246,6 +248,8 @@ public class AdminResource {
 	)
 	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE, ApiError.CANNOT_MINT})
 	public String addMintingAccount(String seed58) {
+		Security.checkApiCallAllowed(request);
+
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			byte[] seed = Base58.decode(seed58.trim());
 
@@ -296,6 +300,8 @@ public class AdminResource {
 	)
 	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE})
 	public String deleteMintingAccount(String seed58) {
+		Security.checkApiCallAllowed(request);
+
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			byte[] seed = Base58.decode(seed58.trim());