Run web authorisation for all non-api requests. Closes #1152.

2008-09-07 15:07:44 +00:00 · 2008-09-07 15:07:44 +00:00 · d6b05a8da9
commit d6b05a8da9
parent fd6ff4ef3b
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -2,7 +2,7 @@ class UserController < ApplicationController
  layout 'site'

  before_filter :authorize, :only => [:api_details, :api_gpx_files]
-  before_filter :authorize_web, :only => [:account, :go_public, :view, :diary, :make_friend, :remove_friend, :upload_image, :delete_image]
+  before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
  before_filter :require_user, :only => [:set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image]
  before_filter :check_database_availability, :except => [:api_details, :api_gpx_files]
  before_filter :check_read_availability, :only => [:api_details, :api_gpx_files]