From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 23 Oct 2016 10:08:52 +0000 (+0200)
Subject: Restrict access to oauth/applications to admins only
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=720d1f8f3d6ffbc1729e7523bd4b663703ee2f24;p=mastodon.git

Restrict access to oauth/applications to admins only
---

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 16297456e..2317733eb 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -15,7 +15,7 @@ Doorkeeper.configure do
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
   admin_authenticator do
-    current_user || redirect_to(new_user_session_url)
+    (current_user && current_user.admin?) || redirect_to(new_user_session_url)
   end
 
   # Authorization Code expiration time (default 10 minutes).