From ff0eca7337c17264a4192b5fa6fe3ec7c171bcc4 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 23 Oct 2016 12:08:52 +0200 Subject: [PATCH] Restrict access to oauth/applications to admins only --- config/initializers/doorkeeper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 16297456ea..2317733eb9 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -15,7 +15,7 @@ Doorkeeper.configure do # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below. admin_authenticator do - current_user || redirect_to(new_user_session_url) + (current_user && current_user.admin?) || redirect_to(new_user_session_url) end # Authorization Code expiration time (default 10 minutes).