From 6ce1f68d7e2fc483d5cf672dc2f36fe471677249 Mon Sep 17 00:00:00 2001 From: Hagen Schink Date: Wed, 11 Jun 2014 14:39:13 +0200 Subject: [PATCH] Deny anonymous access --- app/controllers/api/v2/custom_fields_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v2/custom_fields_controller.rb b/app/controllers/api/v2/custom_fields_controller.rb index ddcd0b2f1e..722e060553 100644 --- a/app/controllers/api/v2/custom_fields_controller.rb +++ b/app/controllers/api/v2/custom_fields_controller.rb @@ -35,7 +35,7 @@ module Api accept_key_auth :index, :show - before_filter :require_permissions + before_filter :require_authentication def index wp_fields = WorkPackageCustomField.find :all, @@ -63,8 +63,8 @@ module Api protected - def require_permissions - deny_access unless User.current.allowed_to? :edit_project, nil, :global => true + def require_authentication + deny_access if User.current.anonymous? end end