diff options
Diffstat (limited to 'app/controllers/projects/notes_controller.rb')
-rw-r--r-- | app/controllers/projects/notes_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb index ef7d047b1ad..627cb2bd93c 100644 --- a/app/controllers/projects/notes_controller.rb +++ b/app/controllers/projects/notes_controller.rb @@ -76,6 +76,7 @@ class Projects::NotesController < Projects::ApplicationController def authorize_create_note! return unless noteable.lockable? + access_denied! unless can?(current_user, :create_note, noteable) end end |