authorJean-Philippe Lang <jp_lang@yahoo.fr>2007-10-10 21:18:10 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2007-10-10 21:18:10 +0000
commit3844e4bca84510b1614eaf90da565ce105881997 (patch)
treec759d443553001c2f371a47021ee27fb9dd204b8 /app
parent38f540a7019d194fb02ddcd6b4d8bcebef1423f9 (diff)
Fixed: a user not authorized to edit wiki pages gets the edit form if the page doesn't exist. He now gets a 404.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@823 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/wiki_controller.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index fe53e63f2..7609323f4 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -31,8 +31,13 @@ class WikiController < ApplicationController
page_title = params[:page]
@page = @wiki.find_or_new_page(page_title)
if @page.new_record?
- edit
- render :action => 'edit' and return
+ if User.current.allowed_to?(:edit_wiki_pages, @project)
+ edit
+ render :action => 'edit'
+ else
+ render_404
+ end
+ return
end
@content = @page.content_for_version(params[:version])
if params[:export] == 'html'
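Review bot: The new `User.current.allowed_to?(:edit_wiki_pages, @project)` guard has no comment explaining why the permission is checked inline. The reason is not obvious from the hunk: `edit` is called as a plain method, so whatever per-action authorization normally protects the edit action (not visible here, presumably a before filter) would not run on this path. I would add above the inner `if`: `# edit is invoked directly, so the action-level permission check does not apply; re-check it here`. Because the permission symbol is hard-coded, it has to stay in sync with the permission mapped to the edit action. A functional test asserting that a user without the permission gets a 404 and no edit form for a missing page would pin the fix (the diffstat is limited to 'app', so one may already exist); the enclosing action starts and ends outside the hunk.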