Restrict access to oauth/applications to admins only

2016-10-23 12:08:52 +02:00 · 2016-10-23 12:08:52 +02:00 · 720d1f8f3d
commit 720d1f8f3d
parent b746a931a5
1 changed files with 1 additions and 1 deletions
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@ -15,7 +15,7 @@ Doorkeeper.configure do

  # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
  admin_authenticator do
-    current_user || redirect_to(new_user_session_url)
+    (current_user && current_user.admin?) || redirect_to(new_user_session_url)
  end

  # Authorization Code expiration time (default 10 minutes).