diff --git a/exposition/views.py b/exposition/views.py
index 0a17afe2..9ee94889 100644
--- a/exposition/views.py
+++ b/exposition/views.py
@@ -400,25 +400,31 @@ class ExpoMembers(ListView):
 def add_note(request, slug):
     args = {'success': False}
 
-    if request.GET:
-        text = request.GET['note_text']
-        try:
-            e = Exposition.objects.get(url=slug)
-        except Exposition.DoesNotExist:
-            raise Http404
+    if request.user.is_authenticated():
 
-        ct = ContentType.objects.get_for_model(e)
-        object_id = e.id
-        user = User.objects.get(id=request.user.id)
-        if Note.objects.filter(user=user, content_type=ct, object_id=object_id).exists():
-            Note.objects.filter(user=user, content_type=ct, object_id=object_id).update(text=text)
-        else:
-            Note.objects.create(content_type=ct, object_id=object_id, user=user, text=text)
+        if request.GET:
+            text = request.GET['note_text']
+            try:
+                e = Exposition.objects.get(url=slug)
+            except Exposition.DoesNotExist:
+                raise Http404
 
-        user.calendar.expositions.add(e)
+            ct = ContentType.objects.get_for_model(e)
+            object_id = e.id
+            user = User.objects.get(id=request.user.id)
+            if Note.objects.filter(user=user, content_type=ct, object_id=object_id).exists():
+                Note.objects.filter(user=user, content_type=ct, object_id=object_id).update(text=text)
+            else:
+                Note.objects.create(content_type=ct, object_id=object_id, user=user, text=text)
 
+            user.calendar.expositions.add(e)
 
+
+            args['success'] = True
+            args['text'] = text
+
+    else:
+        args['not_authorized'] = True
         args['success'] = True
-        args['text'] = text
 
     return HttpResponse(json.dumps(args), content_type='application/json')
\ No newline at end of file