From 7f7fcfd7b39470b5fcd4a2a8a2706c04c33354e1 Mon Sep 17 00:00:00 2001
From: Berkeley Martinez <jn.martinez110@gmail.com>
Date: Thu, 26 Jan 2017 18:04:28 -0800
Subject: [PATCH] feat(api): Explicitly block all from general about

---
 server/models/about.json | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/server/models/about.json b/server/models/about.json
index 55884157bb..4587c06c42 100644
--- a/server/models/about.json
+++ b/server/models/about.json
@@ -9,6 +9,20 @@
   "properties": {},
   "validations": [],
   "relations": {},
-  "acls": [],
+  "acls": [
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "DENY"
+    },
+    {
+      "accessType": "EXECUTE",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW",
+      "property": "getActiveUsers"
+    }
+  ],
   "methods": {}
 }