Restrict access to oauth/applications to admins only

author: Eugen Rochko <eugen@zeonfederated.com> 2016-10-23 12:08:52 +0200
committer: Eugen Rochko <eugen@zeonfederated.com> 2016-10-23 12:08:52 +0200
commit: 720d1f8f3d6ffbc1729e7523bd4b663703ee2f24 (patch)
tree: bfbd17a67b2908a6ab506254070f5fa083400038 /config/initializers
parent: b746a931a5465b0ebf62e2a72e8fbea9e0f7433c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 16297456e..2317733eb 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -15,7 +15,7 @@ Doorkeeper.configure do
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
   admin_authenticator do
-    current_user || redirect_to(new_user_session_url)
+    (current_user && current_user.admin?) || redirect_to(new_user_session_url)
   end
 
   # Authorization Code expiration time (default 10 minutes).
author	Eugen Rochko <eugen@zeonfederated.com>	2016-10-23 12:08:52 +0200
committer	Eugen Rochko <eugen@zeonfederated.com>	2016-10-23 12:08:52 +0200
commit	720d1f8f3d6ffbc1729e7523bd4b663703ee2f24 (patch)
tree	bfbd17a67b2908a6ab506254070f5fa083400038 /config/initializers
parent	b746a931a5465b0ebf62e2a72e8fbea9e0f7433c (diff)