From 4f4cd399b82d5c77230e90e6112ab4408286dac8 Mon Sep 17 00:00:00 2001
From: Trever Fischer <tdfischer@fedoraproject.org>
Date: Tue, 6 Mar 2012 18:25:36 -0500
Subject: [PATCH] Return a 403 code for the anonymous balance query

---
 api/handlers.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/api/handlers.py b/api/handlers.py
index 6412288..046164b 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -33,7 +33,10 @@ class MOTDHandler(AnonymousBaseHandler):
 class BalanceHandler(BaseHandler):
     def read(self, request):
         user = request.user
-        return {"balance":user.minecraftprofile.currencyaccount.balance}
+        if user.is_anonymous():
+            return HttpResponse(status=403)
+        else:
+            return {"balance":user.minecraftprofile.currencyaccount.balance}
 
 class ServerHandler(AnonymousBaseHandler):
     allowed_methods = ('GET',)