Add admin permissions to sensitive endpoints #574
Description
A sojourn through the endpoints caused me to realize a number of endpoints that modify data aren't blocked with authentication. Presumably an artifact of when SM was more prototypical and standards were lax.
That's a no-no, so let's fix that!