From a001715332d9423dd4c68542f7eceac4c2e3900c Mon Sep 17 00:00:00 2001
From: Dave Arter
Date: Wed, 13 Jul 2016 13:58:50 +0100
Subject: Restrict add/editing of bodies in admin to superusers

---
 perllib/FixMyStreet/App/Controller/Admin.pm | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'perllib/FixMyStreet/App/Controller/Admin.pm')

diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 43fffd315..776a9276a 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -315,8 +315,13 @@ sub body : Path('body') : Args(1) {
 sub check_for_super_user : Private {
     my ( $self, $c ) = @_;
-    if ( $c->cobrand->moniker eq 'zurich' && $c->stash->{admin_type} ne 'super' ) {
-        $c->detach('/page_error_404_not_found', []);
+
+    my $superuser = $c->user->is_superuser; # Zurich currently has its own way of defining superusers
+    $superuser ||= $c->cobrand->moniker eq 'zurich' && $c->stash->{admin_type} eq 'super';
+
+    unless ( $superuser ) {
+        $c->detach('/page_error_403_access_denied', []);
     }
 }
--
cgit v1.2.3
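Review bot: The new `$c->user->is_superuser` on the first added line assumes an authenticated user; if this private action is ever reached on a request with no session, `$c->user` is undef and the method call dies with a 500 rather than the intended 403. Catalyst's authentication plugin provides `$c->user_exists`, so `my $superuser = $c->user_exists && $c->user->is_superuser;` keeps the same outcome for logged-in users and fails closed otherwise. This may already be guaranteed by an `auto`/`begin` login check elsewhere in the Admin controller, which is outside this hunk. Separately, the Zurich branch now answers 403 where it previously answered 404, so a non-super Zurich admin learns the route exists; that is reasonable inside an authenticated admin area, but a short comment such as `# 403 (not 404) is deliberate: callers here are already authenticated admins` would record that the change is intentional.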