Fixed: a user not authorized to edit wiki pages gets the edit form if the page doesn't exist. He now gets a 404.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@823 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2007-10-10 21:18:10 +00:00
parent 38f540a701
commit 3844e4bca8
1 changed files with 7 additions and 2 deletions

@ -31,8 +31,13 @@ class WikiController < ApplicationController
page_title = params[:page] page_title = params[:page]
@page = @wiki.find_or_new_page(page_title) @page = @wiki.find_or_new_page(page_title)
if @page.new_record? if @page.new_record?
edit if User.current.allowed_to?(:edit_wiki_pages, @project)
render :action => 'edit' and return edit
render :action => 'edit'
else
render_404
end
return
end end
@content = @page.content_for_version(params[:version]) @content = @page.content_for_version(params[:version])
if params[:export] == 'html' if params[:export] == 'html'
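Review bot: In the `@page.new_record?` branch, the inline `User.current.allowed_to?(:edit_wiki_pages, @project)` test is the only authorization on this path, because `edit` is invoked here as a plain method call and so does not pass through any filters that guard a normal request to that action. A short comment saying so would keep a later refactor from dropping the check. The commit touches a single file, so no test accompanies the fix; a functional test asserting that a user without `:edit_wiki_pages` gets a 404 for a nonexistent page, and that a permitted user still gets the edit form, would pin the behaviour down. It is also worth confirming that a 404 is the intended response for a user who is not logged in, since the `else` branch calls `render_404` for every user who fails the check.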