[Bps-public-commit] App-Changeloggr branch, master, updated. bad642c62f388f6be8038b07277e276cfaabf61a

[sartak at bestpractical.com]

The branch, master has been updated
       via  bad642c62f388f6be8038b07277e276cfaabf61a (commit)
      from  beafe14ea92433475b2a3b568404df42a76a6661 (commit)

Summary of changes:
 lib/App/Changeloggr/Model/Changelog.pm |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

- Log -----------------------------------------------------------------
commit bad642c62f388f6be8038b07277e276cfaabf61a
Author: Shawn M Moore <sartak at gmail.com>
Date:   Fri Feb 27 21:17:02 2009 -0500

    Need to forbid the reading of admin_token

diff --git a/lib/App/Changeloggr/Model/Changelog.pm b/lib/App/Changeloggr/Model/Changelog.pm
index 22bcbb9..a004d06 100644
--- a/lib/App/Changeloggr/Model/Changelog.pm
+++ b/lib/App/Changeloggr/Model/Changelog.pm
@@ -33,8 +33,7 @@ sub current_user_can {
 
     # anyone can create and read changelogs (except admin token)
     return 1 if $right eq 'create'
-#             || ($right eq 'read' && $args{column} ne 'admin_token');
-             || $right eq 'read';
+             || ($right eq 'read' && $args{column} ne 'admin_token');
 
     # but not delete or update. those must happen as root
     return $self->SUPER::current_user_can($right, %args);

-----------------------------------------------------------------------