From 3844e4bca84510b1614eaf90da565ce105881997 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Wed, 10 Oct 2007 21:18:10 +0000
Subject: [PATCH] Fixed: a user not authorized to edit wiki pages gets the edit
 form if the page doesn't exist. He now gets a 404.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@823 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/wiki_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index fe53e63f..7609323f 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -31,8 +31,13 @@ class WikiController < ApplicationController
     page_title = params[:page]
     @page = @wiki.find_or_new_page(page_title)
     if @page.new_record?
-      edit
-      render :action => 'edit' and return
+      if User.current.allowed_to?(:edit_wiki_pages, @project)
+        edit
+        render :action => 'edit'
+      else
+        render_404
+      end
+      return
     end
     @content = @page.content_for_version(params[:version])
     if params[:export] == 'html'
-- 
2.11.0