# HG changeset patch
# User Marcin Kuzminski <marcin@python-works.com>
# Date 2013-04-15 00:11:06
# Node ID f5b204789b46055f63e0c3cbbb0212d5797ca523
# Parent  7efc8dcc0dc4717df97a971725ddd7349be1c495

added missing perms check on history call

diff --git a/rhodecode/controllers/files.py b/rhodecode/controllers/files.py
--- a/rhodecode/controllers/files.py
+++ b/rhodecode/controllers/files.py
@@ -182,6 +182,9 @@ class FilesController(BaseRepoController
 
         return render('files/files.html')
 
+    @LoginRequired()
+    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
+                                   'repository.admin')
     def history(self, repo_name, revision, f_path, annotate=False):
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             c.changeset = self.__get_cs_or_redirect(revision, repo_name)