app/controllers/spina/admin/users_controller.rb in spina-2.1.1 vs app/controllers/spina/admin/users_controller.rb in spina-2.2.0

- old
+ new

@@ -1,8 +1,9 @@
  module Spina
  module Admin
  class UsersController < AdminController
+ before_action :authorize_authentication_module
  before_action :authorize_admin, except: [:index]
  before_action :set_user, only: [:edit, :update, :destroy]
  admin_section :settings
@@ -45,11 +46,11 @@
  render :edit, status: :unprocessable_entity
  end
  end
  def destroy
- if @user != current_spina_user
+ if @user != current_spina_user
  @user.destroy
  redirect_to spina.admin_users_url, flash: {success: t('spina.users.deleted')}
  end
  end
@@ -64,8 +65,17 @@
  end
  def set_user
  @user = User.find(params[:id])
  end
+
+ def authorize_authentication_module
+ render status: 401 unless Spina.config.authentication == "Spina::Authentication::Sessions"
+ end
+
+ def authorize_admin
+ render status: 401 unless current_spina_user.admin?
+ end
+
  end
  end
  end
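Review bot: The added `before_action :authorize_authentication_module` in the first hunk carries no comment, yet its position as the first callback is load-bearing. It has to stay ahead of `authorize_admin` and `set_user` so that no lookup by `params[:id]` runs when the configured authentication module is not the built-in one. I would add above it `# Must run first: user management is only served when Spina::Authentication::Sessions is the configured authentication module.` The class body continues outside the hunk, so other callbacks or `skip_before_action` calls that could affect this ordering are not visible here.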
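Review bot: In the third hunk, `render status: 401` in both `authorize_authentication_module` and `authorize_admin` names no body or template, so Rails will try to render the action's default view with a 401 status. Both callbacks run before `set_user`, so that view is rendered without the data the action would have prepared, and `update`/`destroy` may have no view at all, turning the denial into a server error. `head` halts the chain without rendering anything: `head :unauthorized unless Spina.config.authentication == "Spina::Authentication::Sessions"` and `head :forbidden unless current_spina_user&.admin?`. A 403 fits an authenticated non-admin better, and `&.` keeps the check failing closed if the parent controller, which is not shown, ever lets a nil user through. The hunk also does not show whether a `private` line precedes `set_user`; if none does, the two new methods are public and could be routed as actions.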