From 3aaa9a87223243f28b59007feaf19cdaeb7b5373 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Tue, 29 Sep 2015 12:37:46 -0400
Subject: [PATCH] Restrict access to the Email admin tab to Admins

---
 app/assets/javascripts/admin/templates/admin.hbs | 2 +-
 config/routes.rb                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/admin/templates/admin.hbs b/app/assets/javascripts/admin/templates/admin.hbs
index c7746a6d4a6..6c3008dd282 100644
--- a/app/assets/javascripts/admin/templates/admin.hbs
+++ b/app/assets/javascripts/admin/templates/admin.hbs
@@ -13,8 +13,8 @@
         {{/if}}
         {{#if currentUser.admin}}
           {{nav-item route='adminGroups' label='admin.groups.title'}}
+          {{nav-item route='adminEmail' label='admin.email.title'}}
         {{/if}}
-        {{nav-item route='adminEmail' label='admin.email.title'}}
         {{nav-item route='adminFlags' label='admin.flags.title'}}
         {{nav-item route='adminLogs' label='admin.logs.title'}}
         {{#if currentUser.admin}}
diff --git a/config/routes.rb b/config/routes.rb
index 94a621f7ef9..4ceef9deefb 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -113,7 +113,7 @@ Discourse::Application.routes.draw do
 
     resources :impersonate, constraints: AdminConstraint.new
 
-    resources :email do
+    resources :email, constraints: AdminConstraint.new do
       collection do
         post "test"
         get "all"