Run web authorisation for all non-api requests. Closes #1152.

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index d88de5ff397cd271e398c6f478d89e400157d938..df2a799c35c8aa6ccfe4a92e1b1e3f736e3f10b9 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -2,7 +2,7 @@ class UserController < ApplicationController
   layout 'site'
 
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
-  before_filter :authorize_web, :only => [:account, :go_public, :view, :diary, :make_friend, :remove_friend, :upload_image, :delete_image]
+  before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
   before_filter :require_user, :only => [:set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image]
   before_filter :check_database_availability, :except => [:api_details, :api_gpx_files]
   before_filter :check_read_availability, :only => [:api_details, :api_gpx_files]