From 3844e4bca84510b1614eaf90da565ce105881997 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Wed, 10 Oct 2007 21:18:10 +0000
Subject: [PATCH] Fixed: a user not authorized to edit wiki pages gets the edit form if the page doesn't exist. He now gets a 404.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@823 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/wiki_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index fe53e63f2..7609323f4 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -31,8 +31,13 @@ class WikiController < ApplicationController
 page_title = params[:page]
 @page = @wiki.find_or_new_page(page_title)
 if @page.new_record?
- edit
- render :action => 'edit' and return
+ if User.current.allowed_to?(:edit_wiki_pages, @project)
+ edit
+ render :action => 'edit'
+ else
+ render_404
+ end
+ return
 end
 @content = @page.content_for_version(params[:version])
 if params[:export] == 'html'
-- 
2.39.5
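Review bot: The new unauthorized branch (the `else` → `render_404` path under `if @page.new_record?`) ships without a regression test; the diffstat shows only the controller changed, so nothing pins that a user lacking `:edit_wiki_pages` gets a 404 rather than the edit form for a missing page. A functional test that requests a nonexistent page as a user without that permission and asserts a 404 response would keep this authorization fix from silently regressing. The inline `User.current.allowed_to?` check also deserves a why-comment, e.g. `# edit is invoked as a plain method here, so its permission has to be checked explicitly`, because the reason it is needed (presumably the controller's action-level authorization only covers routed actions) is not visible in the hunk. The enclosing method starts before and continues after the hunk, so how the routed `edit` action itself is guarded cannot be confirmed from here.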