Ensure user is authenticated to create a new snippet
What does this MR do?
The included before_action :authenticate_user!, only: [:toggle_award_emoji]
in the ToggleAwardEmoji
concern was actually overwriting the default before_action :authenticate_user!
from ApplicationController
!
Fortunately we have specific permission checks for POST/PUT/DELETE actions but we should definitely audit all our code for similar issues. I think controller concerns should never set before_action
that are already defined in a controller, and even less when they are restricting it with only
!
Closes #25026 (closed)