diff --git a/program/views.py b/program/views.py
index a0f963a1c223bd847adafdd15e32ce2aab9dfb52..8bf9aa954ed80bbb657d63e0c1f177bfd1348642 100644
--- a/program/views.py
+++ b/program/views.py
@@ -307,6 +307,7 @@ class APIUserViewSet(
 class APIImageViewSet(viewsets.ModelViewSet):
     serializer_class = ImageSerializer
     pagination_class = LimitOffsetPagination
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
 
     def get_queryset(self):
         """The queryset contains all the images if the method is safe, otherwise it only contains
@@ -336,6 +337,7 @@ class APIImageViewSet(viewsets.ModelViewSet):
 
         serializer = ImageSerializer(
             image,
+            context={"request": request},  # the serializer needs the request in the context
             data=request.data,
         )