From 5e70083a6a7211d7fbd903e1787eaa582b5f5631 Mon Sep 17 00:00:00 2001
From: r888888888 <r888888888@gmail.com>
Date: Thu, 6 Aug 2015 11:53:31 -0700
Subject: [PATCH] fix security bug

---
 app/controllers/application_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index aa5ba79fc..42de71490 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -159,6 +159,11 @@ protected
   end
 
   def post_approvers_only
-    CurrentUser.can_approve_posts?
+    if CurrentUser.can_approve_posts?
+      true
+    else
+      access_denied()
+      false
+    end
   end
 end