Fixes a data disclosure issue introduced in r3941.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4535 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-12-18 17:11:41 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-12-18 17:11:41 +0000
commit: 93847ae33740232e7e6e7a6a4a2dba45ea421932 (patch)
tree: 233bfd8fcfd1beac72745e1d234e57ae4cfc1482 /app/controllers/journals_controller.rb
parent: 525656a4900f01fb1032e7ca92a3deac16386c5b (diff)
download: redmine-93847ae33740232e7e6e7a6a4a2dba45ea421932.tar.gz
redmine-93847ae33740232e7e6e7a6a4a2dba45ea421932.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/journals_controller.rb b/app/controllers/journals_controller.rb
index a3b1abde4..d3b56e8cb 100644
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -19,6 +19,7 @@ class JournalsController < ApplicationController
   before_filter :find_journal, :only => [:edit]
   before_filter :find_issue, :only => [:new]
   before_filter :find_optional_project, :only => [:index]
+  before_filter :authorize, :only => [:new, :edit]
   accept_key_auth :index
 
   helper :issues
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-12-18 17:11:41 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-12-18 17:11:41 +0000
commit	93847ae33740232e7e6e7a6a4a2dba45ea421932 (patch)
tree	233bfd8fcfd1beac72745e1d234e57ae4cfc1482 /app/controllers/journals_controller.rb
parent	525656a4900f01fb1032e7ca92a3deac16386c5b (diff)
download	redmine-93847ae33740232e7e6e7a6a4a2dba45ea421932.tar.gz redmine-93847ae33740232e7e6e7a6a4a2dba45ea421932.zip