From 73120cdc1c5e90889f8059dac572495c21ac15a4 Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Wed, 17 Jun 2009 12:45:53 -0500
Subject: [PATCH] Rollback one change from previous commit S5 should not be visible on unpublished, password-protected webs.
---
 app/controllers/application_controller.rb | 5 +++--
 app/controllers/file_controller.rb | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e3a762f9..259e0478 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -222,14 +222,15 @@ class ApplicationController < ActionController::Base
  end

  def authorization_needed?
- not %w(login authenticate feeds published atom_with_headlines atom_with_content s5 file blahtex_png).include?(action_name)
+ not %w(login authenticate feeds published atom_with_headlines atom_with_content file blahtex_png).include?(action_name)
  end

  def authorized?
  @web.nil? or
  @web.password.nil? or
  cookies[CGI.escape(@web_name)] == @web.password or
- password_check(params['password'])
+ password_check(params['password']) or
+ (@web.published? and action_name == 's5')
  end

  end
diff --git a/app/controllers/file_controller.rb b/app/controllers/file_controller.rb
index 0c57eb2c..25e613ad 100644
--- a/app/controllers/file_controller.rb
+++ b/app/controllers/file_controller.rb
@@ -38,7 +38,7 @@ class FileController < ApplicationController
  end

  def blahtex_png
- send_file(@web.blahtex_pngs_path + '/' + params['id'])
+ send_file(@web.blahtex_pngs_path + '/' + params['id']) if check_authorized
  end

  def delete
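Review bot: The rule for which actions skip the password check is now split between the `authorization_needed?` allow-list and the new `(@web.published? and action_name == 's5')` clause in `authorized?`, and nothing in either method says why. A short comment above the list, such as `# Actions listed here bypass the password filter entirely; s5 is handled in authorized? because it is public only on published webs`, would keep a later edit from re-adding `s5` to the list. `file` and `blahtex_png` stay on the allow-list, so each has to enforce its own check; this commit does that for `blahtex_png`, while the `file` action is not part of the diff and is worth confirming. Both methods are complete in the hunk, but the enclosing class begins outside it.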
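Review bot: `params['id']` is concatenated straight into the path handed to `send_file` in `blahtex_png`, so an id containing directory separators or parent-directory segments could resolve outside `@web.blahtex_pngs_path`; the added `if check_authorized` guard does not change that. Reducing the id to its final path component, e.g. `send_file(File.join(@web.blahtex_pngs_path, File.basename(params['id']))) if check_authorized`, would confine the lookup, unless the route already constrains the id, which is not visible here. `check_authorized` is defined outside this hunk; presumably it renders the denial itself, otherwise a rejected request falls through the action with no explicit response.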