Test event API access
We need to do some testing of how access is handled for the events API. But I am not sure that we have time for developing a complete set of unit tests at present. And, since we actually don't want to allow any public access to the events API, that helps simplify things.
For now, I think we should just add the IsAuthenticated permission and write a few simple unit tests which loop over the events API urls and make sure that unauthenticated attempts to get to them fail.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information