SECURITY: Moderators cannot see user emails.

Unless `moderators_view_emails` SiteSetting is enabled, moderators should not be able to discover users’ emails.

app/controllers/admin/screened_emails_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Admin::ScreenedEmailsController < Admin::StaffController
+  before_action :ensure_can_see_emails
+
   def index
     screened_emails = ScreenedEmail.limit(200).order("last_match_at desc").to_a
     render_serialized(screened_emails, ScreenedEmailSerializer)
@@ -11,4 +13,8 @@ class Admin::ScreenedEmailsController < Admin::StaffController
     screen.destroy!
     render json: success_json
   end
+
+  def ensure_can_see_emails
+    guardian.ensure_can_see_emails!
+  end
 end