mirror of
https://github.com/discourse/discourse.git
synced 2024-12-16 00:26:29 +08:00
SECURITY: Moderators should not be able to access customizations
This commit is contained in:
parent
b0fe5d383e
commit
ad9af94ac9
|
@ -166,7 +166,8 @@ Discourse::Application.routes.draw do
|
|||
post "flags/disagree/:id" => "flags#disagree"
|
||||
post "flags/defer/:id" => "flags#defer"
|
||||
resources :site_customizations, constraints: AdminConstraint.new
|
||||
scope "/customize" do
|
||||
|
||||
scope "/customize", constraints: AdminConstraint.new do
|
||||
resources :user_fields, constraints: AdminConstraint.new
|
||||
resources :emojis, constraints: AdminConstraint.new
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user