Merge pull request #1059 from qzapata/unauth_account_creation_fix

Fix bug where unauthorized users could interact with source_access

crits/core/views.py

@@ -714,6 +714,7 @@ def source_releasability(request):
         error = "Expected AJAX POST!"
         return render(request, "error.html", {"error" : error })
 
+@user_passes_test(user_can_view_data)
 def source_access(request):
     """
     Modify a user's profile. Should be an AJAX POST.