FIX: You should be an admin to do the wizard

app/controllers/application_controller.rb

@@ -461,6 +461,10 @@ class ApplicationController < ActionController::Base
       raise Discourse::InvalidAccess.new unless current_user && current_user.staff?
     end
 
+    def ensure_admin
+      raise Discourse::InvalidAccess.new unless current_user && current_user.admin?
+    end
+
     def ensure_wizard_enabled
       raise Discourse::InvalidAccess.new unless SiteSetting.wizard_enabled?
     end

app/controllers/steps_controller.rb

@@ -6,7 +6,7 @@ class StepsController < ApplicationController
 
   before_filter :ensure_wizard_enabled
   before_filter :ensure_logged_in
-  before_filter :ensure_staff
+  before_filter :ensure_admin
 
   def update
     wizard = Wizard::Builder.new(current_user).build

app/controllers/wizard_controller.rb

@@ -4,7 +4,7 @@ require_dependency 'wizard/builder'
 class WizardController < ApplicationController
   before_filter :ensure_wizard_enabled, only: [:index]
   before_filter :ensure_logged_in
-  before_filter :ensure_staff
+  before_filter :ensure_admin
 
   skip_before_filter :check_xhr, :preload_json
 

spec/controllers/steps_controller_spec.rb

@@ -13,7 +13,7 @@ describe StepsController do
   end
 
   it "raises an error if you aren't an admin" do
-    log_in
+    log_in(:moderator)
     xhr :put, :update, id: 'made-up-id', fields: { forum_title: "updated title" }
     expect(response).to be_forbidden
   end

spec/controllers/wizard_controller_spec.rb

@@ -14,7 +14,7 @@ describe WizardController do
     end
 
     it "raises an error if you aren't an admin" do
-      log_in
+      log_in(:moderator)
       xhr :get, :index
       expect(response).to be_forbidden
     end