From 1216a62e3ba2e5c9d959fca748136661755d72e8 Mon Sep 17 00:00:00 2001
From: Jack Weeden <jack@ajack.org>
Date: Wed, 26 Jun 2013 16:01:59 +0100
Subject: [PATCH] Authorize user on note update

---
 app/controllers/notes_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index dbec660b7..6acdd2afa 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -2,6 +2,7 @@ class NotesController < ProjectResourceController
   # Authorize
   before_filter :authorize_read_note!
   before_filter :authorize_write_note!, only: [:create]
+  before_filter :authorize_modify_note!, only: [:update]
 
   respond_to :js
 
-- 
2.11.0