Restrict access to /oauth/applications. Eventually, this should be a

page that everyone can access, but can only configure their own applications.
thewca · May 24, 2015 · 47750ae · 47750ae
1 parent 303c1f6
commit 47750ae
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@ This repository contains all of the code that runs on [worldcubeassociation.org]
 - `time ssh -A root@staging.worldcubeassociation.org 'bash <(wget --no-check-certificate -O - https://raw.githubusercontent.com/cubing/worldcubeassociation.org/master/scripts/wca-bootstrap.sh) staging/production'`
 
 ## Deploy
-- TODO
+- TODO - see rebuild_rails in `scripts/regulations.sh`
 - `ssh staging.worldcubeassociation.org pkill -U gjcomps -f rails`
 
 ## Secrets

diff --git a/WcaOnRails/config/initializers/doorkeeper.rb b/WcaOnRails/config/initializers/doorkeeper.rb
@@ -20,11 +20,9 @@
   end
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
-  # admin_authenticator do
-  #   # Put your admin authentication logic here.
-  #   # Example implementation:
-  #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
-  # end
+  admin_authenticator do
+    redirect_to new_user_session_url unless current_user && current_user.admin?
+  end
 
   # Authorization Code expiration time (default 10 minutes).
   # authorization_code_expires_in 10.minutes