From 702eb5fdad727b7b9765dc1775c74878e0aa82dd Mon Sep 17 00:00:00 2001
From: Markus Kahl
Date: Fri, 29 Jul 2016 12:33:04 +0100
Subject: [PATCH] check correct permission before destroying
---
 lib/report/controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/report/controller.rb b/lib/report/controller.rb
index c8c24b21ff..944e28cc34 100644
--- a/lib/report/controller.rb
+++ b/lib/report/controller.rb
@@ -95,7 +95,7 @@ module Report::Controller
 # RecordNotFound if the query at :id does not exist
 def destroy
 if @query
- @query.destroy if allowed_to? :delete, @query
+ @query.destroy if allowed_to? :destroy, @query
 else
 raise ActiveRecord::RecordNotFound
 end
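Review bot: When `allowed_to? :destroy, @query` is false, the `if @query` branch silently does nothing, so within these lines a denied request looks the same as a successful delete. The rest of `destroy` lies outside the hunk, so the response may be handled there; if it is not, an explicit guard such as `return head :forbidden unless allowed_to? :destroy, @query` before `@query.destroy` would make the denial visible to the caller and to access logs. The comment above `def destroy` mentions only RecordNotFound and could also state the required permission, e.g. `# Requires the :destroy permission on the query; otherwise nothing is deleted`. Since the earlier `:delete` name went unnoticed, a controller spec asserting that a user without the destroy permission leaves the query in place would catch a repeat of the mismatch.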