From 414f1a39160d5897089a7acd2e37e5063957f7dc Mon Sep 17 00:00:00 2001
From: Petko Bordjukov
Date: Wed, 17 Sep 2014 14:30:50 +0300
Subject: [PATCH] Add authorisation check for ManagementController
---
 app/controllers/management/management_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/app/controllers/management/management_controller.rb b/app/controllers/management/management_controller.rb
index 1b7ff3d..d50b412 100644
--- a/app/controllers/management/management_controller.rb
+++ b/app/controllers/management/management_controller.rb
@@ -1,5 +1,13 @@
 module Management
 class ManagementController < ::ApplicationController
+ before_action :authenticate_user!, :authorize_user!
+
 layout 'management'
+
+ private
+
+ def authorize_user!
+ head :forbidden unless current_user.admin?
+ end
 end
 end
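Review bot: `authorize_user!` calls `current_user.admin?` with no nil guard, so the 403 response depends on `authenticate_user!` having already halted the request for anonymous visitors. `authenticate_user!` is not defined in this hunk (presumably it comes from the authentication library), so if a subclass skips it or the callback order changes, the check raises NoMethodError and answers 500 instead of 403. That still fails closed, but it is order-dependent and hides an authorisation denial behind an application error in the logs. Making the check self-contained would read `head :forbidden unless current_user && current_user.admin?`. A comment above the `before_action` line, such as `# All management controllers must inherit from this class; do not skip these callbacks in subclasses.`, would document the coverage assumption.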