diff options
| author | gitlabhq <m@gitlabhq.com> | 2011-10-17 13:39:03 +0300 |
|---|---|---|
| committer | gitlabhq <m@gitlabhq.com> | 2011-10-17 13:39:03 +0300 |
| commit | 783ca8979652085e2708cf3e020f3f83349dedb2 (patch) | |
| tree | 2753b16c8ea021b95489ded0a92c54158cef8545 /app/controllers/snippets_controller.rb | |
| parent | b08e4074b49acdb00dc9e041dab65a11462a090c (diff) | |
| download | gitlab-ce-783ca8979652085e2708cf3e020f3f83349dedb2.tar.gz | |
security improved
Diffstat (limited to 'app/controllers/snippets_controller.rb')
| -rw-r--r-- | app/controllers/snippets_controller.rb | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index 5a6ffa4f913..b31fe6836a2 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -52,12 +52,11 @@ class SnippetsController < ApplicationController def destroy @snippet = @project.snippets.find(params[:id]) - authorize_admin_snippet! unless @snippet.author == current_user + + return access_denied! unless can?(current_user, :admin_snippet, @snippet) @snippet.destroy - respond_to do |format| - format.js { render :nothing => true } - end + redirect_to project_snippets_path(@project) end end |