Apply access restrictions to writable routes

lib/www/server/api/index.js

@@ -107,7 +107,7 @@ app.map({
 	},
 	'/project/:project/line/:line': {
 // 		get: [ mw.line.get ],
-		patch: [ mw.line.patch ],
+		patch: [ mw.auth.access.write, mw.line.patch ],
 	},
 
 	'/project/:project/sequence/': {
@@ -115,30 +115,30 @@ app.map({
 	},
 	'/project/:project/sequence/:sequence': {
 // 		get: [ mw.sequence.get ],
-		patch: [ mw.sequence.patch ],
+		patch: [ mw.auth.access.write, mw.sequence.patch ],
 	},
 
 	'/project/:project/plan/': {
 		get: [ mw.plan.list ],
-		put: [ mw.plan.put ],
-		post: [ mw.plan.post ]
+		put: [ mw.auth.access.write, mw.plan.put ],
+		post: [ mw.auth.access.write, mw.plan.post ]
 	},
 	'/project/:project/plan/:sequence': {
 // 		get: [ mw.plan.get ],
-		patch: [ mw.plan.patch ],
-		delete: [ mw.plan.delete ]
+		patch: [ mw.auth.access.write, mw.plan.patch ],
+		delete: [ mw.auth.access.write, mw.plan.delete ]
 	},
 //
 	'/project/:project/event/': {
 		get: [ mw.event.cache.get, mw.event.list, mw.event.cache.save ],
-		post: [ mw.event.post ],
-		put: [ mw.event.put ],
-		delete: [ mw.event.delete ],
+		post: [ mw.auth.access.write, mw.event.post ],
+		put: [ mw.auth.access.write, mw.event.put ],
+		delete: [ mw.auth.access.write, mw.event.delete ],
 		':type/': {
 			':id/': {
 // 				get: [ mw.event.get ],
-				put: [ mw.event.put ],
-				delete: [ mw.event.delete ]
+				put: [ mw.auth.access.write, mw.event.put ],
+				delete: [mw.auth.access.write,  mw.event.delete ]
 			}
 		},
 	},
@@ -148,7 +148,7 @@ app.map({
 	},
 	'/project/:project/configuration/:path(*)?': {
 		get: [ mw.configuration.get ],
-// 		post: [ mw.label.post ],
+// 		post: [ mw.auth.access.admin, mw.label.post ],
 	},
 	'/project/:project/info/:path(*)': {
 		get: [ mw.info.get ],