Fixes permission check in QueriesController (#5181).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3611 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2010-03-24 20:25:09 +00:00
parent d29adc9bb7
commit 84dfff5957
1 changed files with 1 additions and 1 deletions

View File

@ -74,7 +74,7 @@ private
def find_optional_project
@project = Project.find(params[:project_id]) if params[:project_id]
User.current.allowed_to?(:save_queries, @project, :global => true)
render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
rescue ActiveRecord::RecordNotFound
render_404
end