From 84dfff5957d4486258a1e4a30b9a72933278c1df Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Wed, 24 Mar 2010 20:25:09 +0000
Subject: [PATCH] Fixes permission check in QueriesController (#5181).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3611 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/queries_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index 16755a125..599060e69 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -74,7 +74,7 @@ private
   
   def find_optional_project
     @project = Project.find(params[:project_id]) if params[:project_id]
-    User.current.allowed_to?(:save_queries, @project, :global => true)
+    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
   rescue ActiveRecord::RecordNotFound
     render_404
   end
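Review bot: The permission check added in `find_optional_project` is easy to lose again, because neither the method name nor a comment says that it authorizes the request; the removed line computed `allowed_to?` and discarded the result. I would add a comment above the method, such as `# Loads the optional project, then renders 403 unless the current user may save queries (globally when no project is given)`. The diffstat shows no test change, so a functional test asserting a 403 for a user without `:save_queries` would pin the fix. The fix stops the action only if this method runs as a filter whose render halts the chain; the filter registration is outside the hunk, so that is worth confirming. The lookup also runs before the check, so a caller without the permission gets 404 for a missing project id and 403 for an existing one; if that distinction matters, answer both cases the same way.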
-- 
GitLab