From 131fd76caea18c72d08edfc8b00bc8d29a7cf9bf Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Wed, 16 Jan 2019 11:45:13 +0100
Subject: [PATCH] Ensure authorization checks happen for all controller methods
---
 app/controllers/application_controller.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 38758e1df..fa6d432e9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery :with => :exception
 rescue_from CanCan::AccessDenied, :with => :deny_access
+ check_authorization
 before_action :fetch_body
 around_action :better_errors_allow_inline, :if => proc { Rails.env.development? }
-- 
2.43.2
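Review bot: The added `check_authorization` line carries no comment explaining that it is a post-action safety net and not an enforcement point: CanCanCan registers it as an after-action callback that raises `CanCan::AuthorizationNotPerformed`, so an action that forgot `authorize!` may already have run its body, including any writes, before the error is raised. I would add above it `# Safety net: fails any action that completed without authorize!; it does not stop the action from running`, and mention that controllers with intentionally public actions must opt out explicitly with `skip_authorization_check`. The `rescue_from` visible in this hunk handles only `CanCan::AccessDenied`, so a missed check will presumably surface as a server error unless it is handled elsewhere; it is worth confirming that this is the intended failure mode and that the test suite exercises every controller action. The class body continues outside the hunk.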