chinwag/chinwagsocial
chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 14 Wiki Activity

Refactor settings controllers (#14767)

Browse source 
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
This commit is contained in:
Eugen Rochko 2020-09-11 20:56:35 +02:00 committed by GitHub
commit 4e4b3a0c8e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 65 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/oauth/authorized_applications_controller.rb
View file

@ -5,6 +5,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
before_action :store_current_location
before_action :authenticate_resource_owner!
before_action :require_not_suspended!, only: :destroy
before_action :set_body_classes
skip_before_action :require_functional!
@ -25,4 +26,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
def store_current_location
store_location_for(:user, request.url)
end
def require_not_suspended!
forbidden if current_account.suspended?
end
end