From d6b05a8da92af53ed978f32321b2b90fbc4405a6 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 7 Sep 2008 15:07:44 +0000
Subject: [PATCH 1/1] Run web authorisation for all non-api requests. Closes
 #1152.

---
 app/controllers/user_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index d88de5ff3..df2a799c3 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -2,7 +2,7 @@ class UserController < ApplicationController
   layout 'site'
 
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
-  before_filter :authorize_web, :only => [:account, :go_public, :view, :diary, :make_friend, :remove_friend, :upload_image, :delete_image]
+  before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
   before_filter :require_user, :only => [:set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image]
   before_filter :check_database_availability, :except => [:api_details, :api_gpx_files]
   before_filter :check_read_availability, :only => [:api_details, :api_gpx_files]
-- 
2.43.2