Merge pull request #361 from EverythingMe/DAT-825

arikfr · arikfr · commit d941e5e5b1bd · 2015-01-25T17:44:58.000+02:00
Fix: fail with 403 when user not allowed to archive query.
diff --git a/redash/controllers.py b/redash/controllers.py
@@ -349,7 +349,7 @@ def delete(self, query_id):
             if q.user.id == self.current_user.id or self.current_user.has_permission('admin'):
                 q.archive()
             else:
-                self.delete_others_query(query_id)
+                abort(403)
         else:
             abort(404, message="Query not found.")
 
