diff options
Diffstat (limited to 'app/controllers/notes_controller.rb')
| -rw-r--r-- | app/controllers/notes_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb index 1703c00d5e5..46425664d6e 100644 --- a/app/controllers/notes_controller.rb +++ b/app/controllers/notes_controller.rb @@ -4,7 +4,6 @@ class NotesController < ApplicationController # Authorize before_filter :add_project_abilities before_filter :authorize_write_note!, :only => [:create] - before_filter :authorize_admin_note!, :only => [:destroy] respond_to :js @@ -25,6 +24,9 @@ class NotesController < ApplicationController def destroy @note = @project.notes.find(params[:id]) + + return access_denied! unless can?(current_user, :admin_note, @note) + @note.destroy respond_to do |format| |