|
From: | noreply |
Subject: | [myexperiment-hackers] [2616] trunk/app/controllers/previews_controller.rb: added authorisation check on preview downloads |
Date: | Mon, 27 Jun 2011 09:56:37 -0400 (EDT) |
added authorisation check on preview downloads
--- trunk/app/controllers/previews_controller.rb 2011-06-27 13:05:28 UTC (rev 2615)
+++ trunk/app/controllers/previews_controller.rb 2011-06-27 13:56:37 UTC (rev 2616)
@@ -14,6 +14,11 @@
return
end
+ if Authorization.check(:action ="" 'view', :object => @context, :user => current_user) == false
+ render :nothing => true, :status => "401 Unauthorized"
+ return
+ end
+
type = params[:id]
case type
[Prev in Thread] | Current Thread | [Next in Thread] |