Merge pull request #1662 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
author: Claire <claire.github-309c@sitedethib.com> 2022-01-19 14:22:59 +0100
committer: GitHub <noreply@github.com> 2022-01-19 14:22:59 +0100
commit: b209e919bddb4bb72bb4f8589f4b15654f22ef53 (patch)
tree: ccd980d2d701c03f9c16358908f20560f2d5be2c /app/controllers/api/v1/admin/accounts_controller.rb
parent: f6acc039ec95c6d1c8cc2e2955f2af31d27e928c (diff)
parent: c42938aed4677f52207bbb6389c7edc2772a6f7a (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb
index 9b8f2fb05..65330b8c8 100644
--- a/app/controllers/api/v1/admin/accounts_controller.rb
+++ b/app/controllers/api/v1/admin/accounts_controller.rb
@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
 class Api::V1::Admin::AccountsController < Api::BaseController
+  protect_from_forgery with: :exception
+
   include Authorization
   include AccountableConcern
 
   LIMIT = 100
 
-  before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
-  before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
+  before_action -> { authorize_if_got_token! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
+  before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
   before_action :require_staff!
   before_action :set_accounts, only: :index
   before_action :set_account, except: :index
author	Claire <claire.github-309c@sitedethib.com>	2022-01-19 14:22:59 +0100
committer	GitHub <noreply@github.com>	2022-01-19 14:22:59 +0100
commit	b209e919bddb4bb72bb4f8589f4b15654f22ef53 (patch)
tree	ccd980d2d701c03f9c16358908f20560f2d5be2c /app/controllers/api/v1/admin/accounts_controller.rb
parent	f6acc039ec95c6d1c8cc2e2955f2af31d27e928c (diff)
parent	c42938aed4677f52207bbb6389c7edc2772a6f7a (diff)