From dc1cacbcc78ee0fc39f08b17c9032f0c1a899d81 Mon Sep 17 00:00:00 2001
From: "byte[]"
Date: Sun, 8 Dec 2019 12:50:44 -0500
Subject: [PATCH] force authorization
---
 lib/philomena_web/controllers/admin/report_controller.ex | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/philomena_web/controllers/admin/report_controller.ex b/lib/philomena_web/controllers/admin/report_controller.ex
index fa791015..5a2f032c 100644
--- a/lib/philomena_web/controllers/admin/report_controller.ex
+++ b/lib/philomena_web/controllers/admin/report_controller.ex
@@ -8,6 +8,7 @@ defmodule PhilomenaWeb.Admin.ReportController do
 alias Philomena.Repo
 import Ecto.Query
+ plug :verify_authorized
 plug :load_and_authorize_resource, model: Report, only: [:show], preload: [:admin, user: [:linked_tags, awards: :badge]]
 def index(conn, %{"rq" => query_string}) do
@@ -80,4 +81,11 @@ defmodule PhilomenaWeb.Admin.ReportController do
 %{created_at: :desc}
 ]
 end
+
+ defp verify_authorized(conn, _opts) do
+ case Canada.Can.can?(conn.assigns.current_user, :index, Report) do
+ true -> conn
+ false -> PhilomenaWeb.NotAuthorizedPlug.call(conn)
+ end
+ end
 end
\ No newline at end of file
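Review bot: The added `plug :verify_authorized` gates every action in this controller on a single `:index` ability check, and nothing at the declaration says so. A comment above it would make the intent and the ordering explicit, e.g. `# Gate every action on can?(current_user, :index, Report); keep ahead of the resource-loading plug so denied requests never load a Report.` Any action that needs a narrower permission than `:index` still has to add its own check, since only `:show` is covered by `load_and_authorize_resource` in the visible lines. The module body continues outside the hunk.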
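Review bot: Whether a denied request actually stops in `verify_authorized` depends on `PhilomenaWeb.NotAuthorizedPlug.call(conn)` returning a halted conn, which this hunk does not show. A function plug that returns an unhalted conn lets the pipeline continue into `load_and_authorize_resource` and the action. If that plug does not already halt, make it explicit with `false -> conn |> PhilomenaWeb.NotAuthorizedPlug.call() |> Plug.Conn.halt()`. The strict `true`/`false` match fails closed, because a non-boolean from `can?` raises instead of admitting the request. That deserves a short comment so it is not later relaxed to a catch-all clause. It is also worth confirming that `Canada.Can` is implemented for whatever `current_user` holds for a logged-out visitor, otherwise anonymous requests would presumably get a 500 rather than the not-authorized response.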