From 4636b31f06158e033b42d68ddcb714e6e67926d0 Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Wed, 19 Nov 2025 13:22:41 -0500 Subject: [PATCH] Authorization `ensure_staff` uses identity.staff for use on untenanted routes --- app/controllers/concerns/authorization.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/concerns/authorization.rb b/app/controllers/concerns/authorization.rb index 9a3a8279a..46769992e 100644 --- a/app/controllers/concerns/authorization.rb +++ b/app/controllers/concerns/authorization.rb @@ -22,7 +22,7 @@ module Authorization end def ensure_staff - head :forbidden unless Current.user.staff? + head :forbidden unless Current.identity.staff? end def ensure_can_access_account