[myexperiment-hackers] [2616] trunk/app/controllers/previews_controller.rb: added authorisation check on preview downloads

[noreply]

Revision

2616

Author

dgc

Date

2011-06-27 09:56:37 -0400 (Mon, 27 Jun 2011)

Log Message

added authorisation check on preview downloads

Modified Paths

• trunk/app/controllers/previews_controller.rb

Diff

Modified: trunk/app/controllers/previews_controller.rb (2615 => 2616)

--- trunk/app/controllers/previews_controller.rb	2011-06-27 13:05:28 UTC (rev 2615)
+++ trunk/app/controllers/previews_controller.rb	2011-06-27 13:56:37 UTC (rev 2616)
@@ -14,6 +14,11 @@
       return
     end
 
+    if Authorization.check(:action ="" 'view', :object => @context, :user => current_user) == false
+      render :nothing => true, :status => "401 Unauthorized"
+      return
+    end
+
     type = params[:id]
 
     case type