For endpoints that live directly on the clojure side of the fence, we don't run them through the existing auth.conf ruby code to handle authorization. This means that any endpoints that do require authorization need to have their own special settings created for them, which is not a good long-term solution. Instead, we should come up with a general solution that can be used across all of the future endpoints. Hopefully this ends up being some ring middleware that can be re-used in many places and reads from a well-known config file/format.
We should also probably discuss whether or not it would make sense to look into integrating with the RBAC service.