diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-03-24 20:25:09 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-03-24 20:25:09 +0000 |
| commit | 84dfff5957d4486258a1e4a30b9a72933278c1df (patch) | |
| tree | 6c15261094eb1f0b8f247bf4637bd3d9546e27d5 /app/controllers/queries_controller.rb | |
| parent | d29adc9bb7e624d64bc3f1ac231f491fe529d197 (diff) | |
| download | redmine-84dfff5957d4486258a1e4a30b9a72933278c1df.tar.gz redmine-84dfff5957d4486258a1e4a30b9a72933278c1df.zip | |
Fixes permission check in QueriesController (#5181).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3611 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/queries_controller.rb')
| -rw-r--r-- | app/controllers/queries_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb index 16755a125..599060e69 100644 --- a/app/controllers/queries_controller.rb +++ b/app/controllers/queries_controller.rb @@ -74,7 +74,7 @@ private def find_optional_project @project = Project.find(params[:project_id]) if params[:project_id] - User.current.allowed_to?(:save_queries, @project, :global => true) + render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true) rescue ActiveRecord::RecordNotFound render_404 end |