From b14f02810eec176039ce6658f767e4ec6370a130 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Sat, 22 Nov 2014 13:00:36 +0100
Subject: [PATCH] Fixed everyone could view every post

---
 src/Controllers/PostController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php
index 069678c2..ae0a27eb 100644
--- a/src/Controllers/PostController.php
+++ b/src/Controllers/PostController.php
@@ -77,6 +77,7 @@ final class PostController extends AbstractController
 
 	public function getByNameOrId($postNameOrId)
 	{
+		$this->privilegeService->assertPrivilege(Privilege::VIEW_POSTS);
 		$post = $this->postService->getByNameOrId($postNameOrId);
 		return $this->postViewProxy->fromEntity($post, $this->getFullFetchConfig());
 	}