From c7177593aaf2b1b8fd8dbd53b9cfb6562e1411d7 Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Mon, 5 Nov 2012 13:18:43 -0800
Subject: Use the same URL for viewing tickets when authenticated or not---the
 couchdb ID will be the random string for the secret URL.

Tickets created when user was unauthenticated will be viewable by anybody who knows the URL.
---
 users/app/controllers/controller_extension/authentication.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'users')

diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index ebd80b0..598d8a9 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -21,7 +21,7 @@ module ControllerExtension::Authentication
 
   def access_denied
     redirect_to login_url, :alert => "Not authorized" if !logged_in?
-    redirect_to root_url, :alert => "Not authorized"
+    redirect_to root_url, :alert => "Not authorized" if logged_in?
   end
 
   def admin?
-- 
cgit v1.2.3