SECURITY: Moderators should not be able to access customizations

2017-01-06 14:42:36 -05:00 · 2017-01-06 14:42:36 -05:00 · 7cb376d6f4
commit 7cb376d6f4
parent 5a31a7b3d3
1 changed files with 2 additions and 1 deletions
--- a/config/routes.rb
+++ b/config/routes.rb
@ -183,7 +183,8 @@ Discourse::Application.routes.draw do
    post "flags/disagree/:id" => "flags#disagree"
    post "flags/defer/:id" => "flags#defer"
    resources :site_customizations, constraints: AdminConstraint.new
-    scope "/customize" do
+
+    scope "/customize", constraints: AdminConstraint.new do
      resources :user_fields, constraints: AdminConstraint.new
      resources :emojis, constraints: AdminConstraint.new