From 4e4b3a0c8e69a724e229f028896ce774ef26df3b Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Fri, 11 Sep 2020 20:56:35 +0200
Subject: Refactor settings controllers (#14767)

- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
---
 app/controllers/settings/base_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'app/controllers/settings/base_controller.rb')
diff --git a/app/controllers/settings/base_controller.rb b/app/controllers/settings/base_controller.rb
index 3c404cfff..8311538a5 100644
--- a/app/controllers/settings/base_controller.rb
+++ b/app/controllers/settings/base_controller.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true

 class Settings::BaseController < ApplicationController
+ layout 'admin'
+
+ before_action :authenticate_user!
 before_action :set_body_classes
 before_action :set_cache_headers

@@ -13,4 +16,8 @@ class Settings::BaseController < ApplicationController
 def set_cache_headers
 response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
 end
+
+ def require_not_suspended!
+ forbidden if current_account.suspended?
+ end
 end
-- cgit
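Review bot: The `before_action :authenticate_user!` added in the first hunk becomes the guarantee of a signed-in user for every settings controller, yet nothing in the file records that later filters depend on it running first. Rails removes and re-appends a callback that is declared a second time, so a subclass that still carries its own `before_action :authenticate_user!` after other filters would move authentication behind them. I would add a comment above the line, for example `# Must stay first: subclass filters such as require_not_suspended! assume a signed-in user.`, and confirm that the subclasses drop their own declaration. Those controllers are not part of this view, which is limited to base_controller.rb.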
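Review bot: `require_not_suspended!` in the second hunk is opt-in: the base class defines it but never registers it, so any settings controller that omits `before_action :require_not_suspended!` stays reachable by suspended accounts. Since the commit message deliberately leaves exports open, consider inverting the default by registering the filter here and using `skip_before_action :require_not_suspended!` in the export controllers, or at least state the contract in a comment on the method. The body calls `current_account.suspended?` without a nil check, which is safe only while `authenticate_user!` runs earlier in the chain. Whether the method sits below `private` cannot be seen from the hunk; it should, so that it is not exposed as a routable action.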