simov / express-admin

MySQL, MariaDB, PostgreSQL, SQLite admin for Node.js
MIT License

How to check user access in custom view? #83

Closed ghost closed 1 year ago

ghost commented 9 years ago

I have a GET request like "site.com/admin/fs/download?filename=blahblah.pdf", where fs is my custom view. How can I check in my custom view if the user has access to express admin? Because right now everyone can execute this query without logging in.

ghost commented 9 years ago

OK, I checked out auth.js and

if (!req.session.user) next();

works for me

simov commented 9 years ago

Yes, and you can have multiple users registered to use the admin - check out this comment

Also, if you are POSTing data to the server, don't forget to add a CSRF token in your web forms; just check out how this is done in the editview template.
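A fail-closed version of the session check discussed in this thread, written as an added example (not code from express-admin or from either commenter). It assumes the logged-in user is stored at `req.session.user`, as the thread indicates; `requireAdminSession`, `simulate`, the `/admin/login` path and the `/admin/fs/upload` URL are hypothetical names, and the request/response objects are constructed stand-ins for Express ones.

```javascript
// Added example: fail-closed session guard for an express-admin custom view.
// Assumption: the admin login stores the user object at req.session.user
// (the property checked in the thread). All names below are hypothetical.
function requireAdminSession(options) {
  const loginPath = (options && options.loginPath) || '/admin/login'; // assumed path
  return function guard(req, res, next) {
    // Fail closed: a missing session object (session middleware not mounted
    // before this route) is treated the same as "not logged in".
    const user = req.session && req.session.user;
    if (user) return next();
    // Browser navigation (GET) is sent to the login page; anything else
    // (form posts, API calls) gets a plain 401 and the handler never runs.
    if (req.method === 'GET') return res.redirect(loginPath);
    res.statusCode = 401;
    return res.end('Unauthorized');
  };
}

// Constructed stand-ins for Express req/res so the guard runs offline.
function simulate(guard, req) {
  const result = { handlerRan: false, status: 200, redirect: null };
  const res = {
    set statusCode(code) { result.status = code; },
    redirect(url) { result.status = 302; result.redirect = url; },
    end() {},
  };
  guard(req, res, () => { result.handlerRan = true; });
  return result;
}

const guard = requireAdminSession({ loginPath: '/admin/login' });
// Constructed request matching the URL from the question.
const download = { method: 'GET', url: '/admin/fs/download?filename=blahblah.pdf' };

const anonymous = simulate(guard, { ...download, session: {} });
const noSession = simulate(guard, { ...download }); // session middleware absent
const loggedIn = simulate(guard, { ...download, session: { user: { name: 'admin' } } });
const anonPost = simulate(guard, { method: 'POST', url: '/admin/fs/upload', session: {} });

console.log({ anonymous, noSession, loggedIn, anonPost });
```

In a custom view the guard would be mounted ahead of the route handler, for example `app.get('/fs/download', requireAdminSession(), handler)`.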