Fixes permission check in QueriesController (#5181).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3611 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
d29adc9bb7
commit
84dfff5957
|
@ -74,7 +74,7 @@ private
|
|||
|
||||
def find_optional_project
|
||||
@project = Project.find(params[:project_id]) if params[:project_id]
|
||||
User.current.allowed_to?(:save_queries, @project, :global => true)
|
||||
render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
render_404
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue