api permissions + shopping list on mobile

cookbook/templates/shopping_list.html

@@ -137,11 +137,11 @@
 
 
             <div class="row">
-                <div class="col col-md-3">
+                <div class="col-12 col-lg-3">
                     <input class="form-control" type="number" placeholder="{% trans 'Amount' %}"
                            v-model="new_entry.amount" ref="new_entry_amount">
                 </div>
-                <div class="col col-md-4">
+                <div class="col-12 col-lg-4">
                     <multiselect
                             v-tabindex
                             ref="unit"
@@ -163,7 +163,7 @@
                             @search-change="searchUnits">
                     </multiselect>
                 </div>
-                <div class="col col-md-4">
+                <div class="col-12 col-lg-4">
                     <multiselect
                             v-tabindex
                             ref="food"
@@ -186,7 +186,7 @@
                     </multiselect>
                 </div>
 
-                <div class="col col-md-1 my-auto text-right">
+                <div class="col-12 col-lg-1 my-auto text-right">
                     <button class="btn btn-success btn-lg" @click="addEntry()"><i class="fa fa-plus"></i>
                     </button>
                 </div>

cookbook/views/api.py

@@ -399,7 +399,7 @@ def get_external_file_link(request, recipe_id):
     return HttpResponse(recipe.link)
 
 
-@group_required('user')
+@group_required('guest')
 def get_recipe_file(request, recipe_id):
     recipe = Recipe.objects.get(id=recipe_id)
     # if not recipe.cors_link:
@@ -522,6 +522,7 @@ def recipe_from_url(request):
     return get_from_html(response.text, url)
 
 
+@group_required('admin')
 def get_backup(request):
     if not request.user.is_superuser:
         return HttpResponse('', status=403)