OSDN Git Service

Fixed: a user not authorized to edit wiki pages gets the edit form if the page doesn...
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 10 Oct 2007 21:18:10 +0000 (21:18 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 10 Oct 2007 21:18:10 +0000 (21:18 +0000)
git-svn-id: http://redmine.rubyforge.org/svn/trunk@823 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/wiki_controller.rb

index fe53e63..7609323 100644 (file)
@@ -31,8 +31,13 @@ class WikiController < ApplicationController
     page_title = params[:page]
     @page = @wiki.find_or_new_page(page_title)
     if @page.new_record?
-      edit
-      render :action => 'edit' and return
+      if User.current.allowed_to?(:edit_wiki_pages, @project)
+        edit
+        render :action => 'edit'
+      else
+        render_404
+      end
+      return
     end
     @content = @page.content_for_version(params[:version])
     if params[:export] == 'html'
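Review bot: In the `@page.new_record?` branch, the new `User.current.allowed_to?(:edit_wiki_pages, @project)` test is the only guard on this path, because `edit` is invoked as a plain method call and Rails does not run an action's before filters when the method is called that way. Hard-coding the permission symbol here means this check can drift from whatever protects the routed `edit` action; consider moving it into a small private predicate (hypothetical name, e.g. `editable?`) used by both paths. The `else` branch also returns `render_404` for every unauthorized caller, including an anonymous one who might gain the permission by logging in, so it is worth stating in a comment that 404 is the intended response here. The commit touches only `wiki_controller.rb`; a functional test that requests a non-existent page as a user without `:edit_wiki_pages` and asserts a 404 would keep this from regressing.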