SECURITY: Moderators should not be able to access customizations

Robin Ward 2017-01-06 14:42:36 -05:00
parent b0fe5d383e
commit ad9af94ac9


@ -166,7 +166,8 @@ Discourse::Application.routes.draw do
post "flags/disagree/:id" => "flags#disagree"
post "flags/defer/:id" => "flags#defer"
resources :site_customizations, constraints: AdminConstraint.new
scope "/customize" do
scope "/customize", constraints: AdminConstraint.new do
resources :user_fields, constraints: AdminConstraint.new
resources :emojis, constraints: AdminConstraint.new