From 4e4b3a0c8e69a724e229f028896ce774ef26df3b Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 11 Sep 2020 20:56:35 +0200
Subject: Refactor settings controllers (#14767)

- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
---
 app/controllers/oauth/authorized_applications_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/controllers/oauth')

diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
index fb8389034..45151cdd7 100644
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -5,6 +5,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
 
   before_action :store_current_location
   before_action :authenticate_resource_owner!
+  before_action :require_not_suspended!, only: :destroy
   before_action :set_body_classes
 
   skip_before_action :require_functional!
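Review bot: The suspension check on the added `before_action` line is attached by allowlist (`only: :destroy`), while the context line just below skips `require_functional!` for every action, so this callback is the only suspension gate in the controller. Any state-changing action added here later would be open to suspended accounts unless the list is extended by hand. A deny-by-default form such as `before_action :require_not_suspended!, except: :index` would fail closed, assuming `index` is the only read-only action inherited from the Doorkeeper parent. A one-line comment such as `# require_functional! is skipped below, so this is the sole suspension check` would also record the dependency between the two lines.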
@@ -25,4 +26,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
   def store_current_location
     store_location_for(:user, request.url)
   end
+
+  def require_not_suspended!
+    forbidden if current_account.suspended?
+  end
 end
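Review bot: `require_not_suspended!` calls `current_account.suspended?` with no nil check, so it relies on `authenticate_resource_owner!` having already halted unauthenticated requests. The callback order in the first hunk presumably guarantees that, but nothing states it, and reordering the callbacks would turn the check into a `NoMethodError` instead of a 403. A comment above the method would record both the ordering and the intent, which is not obvious since revoking an app normally reduces access, e.g. `# Suspended accounts may list authorized apps but not revoke them; must run after authenticate_resource_owner!`. The class body between the two hunks is not shown, so it is not visible whether this method sits under a `private` marker; if it does not, it should, so that it can never be routed as an action.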
-- 
cgit