Diffstat (limited to 'app/controllers/snippets_controller.rb')
-rw-r--r--app/controllers/snippets_controller.rb22
1 files changed, 21 insertions, 1 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 54ad6019f75..45b3f529c4c 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -5,8 +5,18 @@ class SnippetsController < ApplicationController
# Authorize
before_filter :add_project_abilities
+
+ # Allow read any snippet
before_filter :authorize_read_snippet!
- before_filter :authorize_write_snippet!, :only => [:new, :create, :close, :edit, :update, :sort]
+
+ # Allow write(create) snippet
+ before_filter :authorize_write_snippet!, :only => [:new, :create]
+
+ # Allow modify snippet
+ before_filter :authorize_modify_snippet!, :only => [:edit, :update]
+
+ # Allow destroy snippet
+ before_filter :authorize_admin_snippet!, :only => [:destroy]
respond_to :html
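Review bot: The `authorize_modify_snippet!` and `authorize_admin_snippet!` filters registered here pass `@snippet` to `can?`, but nothing in this hunk shows `@snippet` being loaded before the filter chain runs. The class body starts and continues outside the hunk, so this needs confirming; if the record is only looked up inside the actions, the ability check runs against `nil` at filter time. In that case, load the snippet in an earlier `before_filter` limited to `[:edit, :update, :destroy]`. A comment above the two filters such as `# Requires @snippet to be loaded by an earlier filter` would make the ordering dependency explicit.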
@@ -60,4 +70,14 @@ class SnippetsController < ApplicationController
redirect_to project_snippets_path(@project)
end
+
+ protected
+
+ def authorize_modify_snippet!
+ can?(current_user, :modify_snippet, @snippet)
+ end
+
+ def authorize_admin_snippet!
+ can?(current_user, :admin_snippet, @snippet)
+ end
end
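Review bot: Both new filter methods only return the result of `can?` and nothing acts on a `false` result, so `:edit`, `:update` and `:destroy` appear to still run for a user who lacks the ability. The class-level `respond_to :html` suggests Rails 3 or later, where a `before_filter` halts the request only by rendering or redirecting, not by returning `false`. Each method should end the request on denial, for example `head :forbidden unless can?(current_user, :modify_snippet, @snippet)` and the same with `:admin_snippet`, or whatever denial response the app's other `authorize_*!` filters use. A controller test asserting that a user without the ability is refused on `update` and `destroy` would pin the behaviour.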