Fixes permission check in QueriesController (#5181).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3611 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-24 20:25:09 +00:00 · 2010-03-24 20:25:09 +00:00 · 84dfff5957
parent d29adc9bb7
commit 84dfff5957
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@ -74,7 +74,7 @@ private
  
  def find_optional_project
    @project = Project.find(params[:project_id]) if params[:project_id]
-    User.current.allowed_to?(:save_queries, @project, :global => true)
+    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
  rescue ActiveRecord::RecordNotFound
    render_404
  end