[Zurich] Ensure only superusers can add/edit bodies

author: Chris Mytton <self@hecticjeff.net> 2013-09-04 16:32:52 +0100
committer: Chris Mytton <self@hecticjeff.net> 2013-09-04 16:32:52 +0100
commit: 18d916c30374bff64c0ce56c613210b93d301acc (patch)
tree: 8d7f3c642e646e4bb66b9151cf36f777890a3755
parent: 82d1ef966c63cd5517d9f5e4b476634c48acdc4d (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index e0ba80af6..133c83024 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -234,6 +234,7 @@ sub bodies : Path('bodies') : Args(0) {
 
     my $posted = $c->req->param('posted') || '';
     if ( $posted eq 'body' ) {
+        $c->forward('check_for_super_user');
         $c->forward('check_token');
 
         my $params = $c->forward('body_params');
@@ -385,6 +386,7 @@ sub update_contacts : Private {
 
         $c->stash->{updated} = _('Values updated');
     } elsif ( $posted eq 'body' ) {
+        $c->forward('check_for_super_user');
         $c->forward('check_token');
 
         my $params = $c->forward( 'body_params' );
author	Chris Mytton <self@hecticjeff.net>	2013-09-04 16:32:52 +0100
committer	Chris Mytton <self@hecticjeff.net>	2013-09-04 16:32:52 +0100
commit	18d916c30374bff64c0ce56c613210b93d301acc (patch)
tree	8d7f3c642e646e4bb66b9151cf36f777890a3755
parent	82d1ef966c63cd5517d9f5e4b476634c48acdc4d (diff)