From 4e4b3a0c8e69a724e229f028896ce774ef26df3b Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 11 Sep 2020 20:56:35 +0200
Subject: Refactor settings controllers (#14767)

- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
---
 app/controllers/settings/sessions_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'app/controllers/settings/sessions_controller.rb')

diff --git a/app/controllers/settings/sessions_controller.rb b/app/controllers/settings/sessions_controller.rb
index df5ace803..ee2fc5dc8 100644
--- a/app/controllers/settings/sessions_controller.rb
+++ b/app/controllers/settings/sessions_controller.rb
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 class Settings::SessionsController < Settings::BaseController
-  before_action :authenticate_user!
-  before_action :set_session, only: :destroy
-
   skip_before_action :require_functional!
 
+  before_action :require_not_suspended!
+  before_action :set_session, only: :destroy
+
   def destroy
     @session.destroy!
     flash[:notice] = I18n.t('sessions.revoke_success')
-- 
cgit