From 5b86d6f652966ce2c88ed904718a9d743b6c24d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Wed, 15 Apr 2026 00:04:52 +0200
Subject: [PATCH] Require full authentication for the system settings, as some
 of the settings are quite critical

---
 src/Controller/SettingsController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controller/SettingsController.php b/src/Controller/SettingsController.php
index 15c945f6..5fed1571 100644
--- a/src/Controller/SettingsController.php
+++ b/src/Controller/SettingsController.php
@@ -44,6 +44,7 @@ class SettingsController extends AbstractController
     public function systemSettings(Request $request, TagAwareCacheInterface $cache): Response
     {
         $this->denyAccessUnlessGranted('@config.change_system_settings');
+        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
 
         //Create a clone of the settings object
         $settings = $this->settingsManager->createTemporaryCopy(AppSettings::class);