Unify anonymous permission checks #2042
Description
Some permission checks have explicit user.is_anonymous permission check, some have implicit (its done as part of user_id comparison elsewhere), some don't check it at all, leaving it to view or view decorator to verify that user is signed in.
I would like to settle on single strategy for those.