diff --git a/project/views/event.py b/project/views/event.py
index 7755a14..d7a7d19 100644
--- a/project/views/event.py
+++ b/project/views/event.py
@@ -3,6 +3,7 @@ from datetime import datetime
 from flask import flash, jsonify, redirect, render_template, request, url_for
 from flask_babelex import gettext
+from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import func
@@ -78,6 +79,7 @@ def event_actions(event_id):
 @app.route("/admin_unit//events/create", methods=("GET", "POST"))
+@auth_required()
 def event_create_for_admin_unit_id(id):
 admin_unit = AdminUnit.query.get_or_404(id)
 access_or_401(admin_unit, "event:create")
@@ -161,6 +163,7 @@ def event_create_for_admin_unit_id(id):
 @app.route("/event//update", methods=("GET", "POST"))
+@auth_required()
 def event_update(event_id):
 event = Event.query.get_or_404(event_id)
 access_or_401(event.admin_unit, "event:update")
@@ -193,6 +196,7 @@ def event_update(event_id):
 @app.route("/event//delete", methods=("GET", "POST"))
+@auth_required()
 def event_delete(event_id):
 event = Event.query.get_or_404(event_id)
 access_or_401(event.admin_unit, "event:delete")
diff --git a/project/views/event_suggestion.py b/project/views/event_suggestion.py
index 94f5ad4..7cfe35d 100644
--- a/project/views/event_suggestion.py
+++ b/project/views/event_suggestion.py
@@ -1,5 +1,6 @@
 from flask import flash, redirect, render_template, url_for
 from flask_babelex import gettext
+from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError
 from project import app, db
@@ -10,6 +11,7 @@ from project.views.utils import flash_errors, handleSqlError, send_mail
 @app.route("/event_suggestion//review")
+@auth_required()
 def event_suggestion_review(event_suggestion_id):
 event_suggestion = EventSuggestion.query.get_or_404(event_suggestion_id)
 access_or_401(event_suggestion.admin_unit, "event:verify")
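Review bot: `@auth_required()` on `event_create_for_admin_unit_id` is called with no arguments, so the mechanisms it accepts are decided by configuration rather than at the view; in Flask-Security-Too the default set includes token as well as session authentication (worth confirming against this project's settings). These are HTML form views, so I would state the intent at the decorator, `@auth_required("session")`, which keeps token-authenticated requests off the form handlers and leaves the CSRF expectations of the POST path unambiguous. The same applies to every view decorated in this commit (`event_update`, `event_delete`, `event_suggestion_review`, `oauth2_token_revoke`, the three `reference` views, `event_reference_request_create`, `event_reference_request_review`). The function body continues outside the hunk.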
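Review bot: `event_delete` is still registered for both GET and POST, and its body lies outside the hunk, so it is not visible whether the deletion is confined to a validated POST. Because the view acts on the caller's authenticated session, a delete reachable by GET could be triggered by any cross-site link or image load. It is worth confirming that the GET branch only renders the confirmation form and that the POST branch validates the form's CSRF token before anything is deleted. `oauth2_token_revoke` and `reference_delete` have the same `methods=("GET", "POST")` shape and deserve the same check.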
diff --git a/project/views/oauth2_token.py b/project/views/oauth2_token.py
index d4b2f69..f90393b 100644
--- a/project/views/oauth2_token.py
+++ b/project/views/oauth2_token.py
@@ -1,6 +1,6 @@
 from flask import flash, redirect, render_template, url_for
 from flask_babelex import gettext
-from flask_security import current_user
+from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError
 from project import app, db
@@ -11,6 +11,7 @@ from project.views.utils import flash_errors, get_pagination_urls, handleSqlErro
 @app.route("/oauth2_token//revoke", methods=("GET", "POST"))
+@auth_required()
 def oauth2_token_revoke(id):
 oauth2_token = OAuth2Token.query.get_or_404(id)
 owner_access_or_401(oauth2_token.user_id)
diff --git a/project/views/reference.py b/project/views/reference.py
index bc80a61..154bd5f 100644
--- a/project/views/reference.py
+++ b/project/views/reference.py
@@ -31,6 +31,7 @@ from project.views.utils import (
 @app.route("/reference/")
+@auth_required()
 def event_reference(id):
 reference = EventReference.query.get_or_404(id)
 access_or_401(reference.admin_unit, "reference:read")
@@ -85,6 +86,7 @@ def event_reference_create(event_id):
 @app.route("/reference//update", methods=("GET", "POST"))
+@auth_required()
 def event_reference_update(id):
 reference = EventReference.query.get_or_404(id)
 access_or_401(reference.admin_unit, "reference:update")
@@ -148,6 +150,7 @@ def manage_admin_unit_references_outgoing(id):
 @app.route("/reference//delete", methods=("GET", "POST"))
+@auth_required()
 def reference_delete(id):
 reference = EventReference.query.get_or_404(id)
 access_or_401(reference.admin_unit, "reference:delete")
diff --git a/project/views/reference_request.py b/project/views/reference_request.py
index 5502a1e..49cff56 100644
--- a/project/views/reference_request.py
+++ b/project/views/reference_request.py
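Review bot: In `oauth2_token_revoke` the lookup `OAuth2Token.query.get_or_404(id)` runs before `owner_access_or_401(oauth2_token.user_id)`, so a signed-in user gets a 404 for an id that does not exist and, judging by the helper's name, a 401 for one that belongs to someone else. That difference tells them which token ids are in use. Scoping the query to the caller removes it: `oauth2_token = OAuth2Token.query.filter_by(id=id, user_id=current_user.id).first_or_404()`. The admin-unit views in this commit (`get_or_404` followed by `access_or_401`) have the same ordering; there a uniform 404 for both cases would do. The rest of the function is outside the hunk.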
@@ -66,6 +66,7 @@ def manage_admin_unit_reference_requests_outgoing(id):
 @app.route("/event//reference_request/create", methods=("GET", "POST"))
+@auth_required()
 def event_reference_request_create(event_id):
 event = Event.query.get_or_404(event_id)
 access_or_401(event.admin_unit, "reference_request:create")
diff --git a/project/views/reference_request_review.py b/project/views/reference_request_review.py
index 5aec736..6ea3f99 100644
--- a/project/views/reference_request_review.py
+++ b/project/views/reference_request_review.py
@@ -1,5 +1,6 @@
 from flask import abort, flash, redirect, render_template, url_for
 from flask_babelex import gettext
+from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError
 from project import app, db
@@ -18,6 +19,7 @@ from project.views.utils import flash_errors, handleSqlError, send_mail
 @app.route("/reference_request//review", methods=("GET", "POST"))
+@auth_required()
 def event_reference_request_review(id):
 request = EventReferenceRequest.query.get_or_404(id)
 access_or_401(request.admin_unit, "reference_request:verify")
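Review bot: Protection here depends on remembering to add `@auth_required()` to each view, and the hunk headers show neighbouring views (`event_actions`, `event_reference_create`, `manage_admin_unit_references_outgoing`, `manage_admin_unit_reference_requests_outgoing`) whose decorators are not visible in this diff. A regression test would make the coverage checkable: walk `app.url_map.iter_rules()`, request each endpoint with an anonymous test client, and assert that everything not on an explicit public allowlist answers with the login redirect or a 401. Separately, the local name `request` in `event_reference_request_review` reads like Flask's `request` object; `reference_request` would avoid the confusion if that import is ever added to this file.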