From 783ca8979652085e2708cf3e020f3f83349dedb2 Mon Sep 17 00:00:00 2001
From: gitlabhq
Date: Mon, 17 Oct 2011 13:39:03 +0300
Subject: security improved
---
 app/controllers/snippets_controller.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'app/controllers/snippets_controller.rb')
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 5a6ffa4f913..b31fe6836a2 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -52,12 +52,11 @@ class SnippetsController < ApplicationController
 def destroy
 @snippet = @project.snippets.find(params[:id])
- authorize_admin_snippet! unless @snippet.author == current_user
+
+ return access_denied! unless can?(current_user, :admin_snippet, @snippet)
 @snippet.destroy
- respond_to do |format|
- format.js { render :nothing => true }
- end
+ redirect_to project_snippets_path(@project)
 end
 end
-- 
cgit v1.2.1
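Review bot: The new guard in `destroy`, `return access_denied! unless can?(current_user, :admin_snippet, @snippet)`, moves the whole deletion policy into the `:admin_snippet` ability, whose definition is not part of this diff. It therefore cannot be confirmed from here whether snippet authors keep the right that the removed `@snippet.author == current_user` shortcut gave them, or that no other role gains it. A one-line comment above the guard would record the intent, for example `# Object-level check: only users granted :admin_snippet on this snippet may delete it`, and a controller test covering the author, a project admin and an ordinary member would pin the rule. Separately, the action now always answers with `redirect_to project_snippets_path(@project)`, so any delete link that still sends a JS request (presumably what the removed `format.js` branch served) should be checked. The class body starts outside the hunk.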