From 69588e633dccd0466eae6ae9875fe8b03de763ec Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 19 Dec 2005 22:30:35 +0000
Subject: [PATCH] r633: Subscription is just one permission to check for; we
 also need to make sure the user can actually view bugs

---
 favourite.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/favourite.php b/favourite.php
index b4e4d8a..28b0f92 100644
--- a/favourite.php
+++ b/favourite.php
@@ -33,7 +33,7 @@ if ($_REQUEST['do'] == 'handle')
 		$message->error($lang->getlex('error_invalid_id'));
 	}
 	
-	if (!can_perform('cansubscribe', $bug['productid']))
+	if (!can_perform('cansubscribe', $bug['productid']) OR !can_perform('canviewbugs', $bug['productid']))
 	{
 		$message->error_permission();
 	}
-- 
2.22.5