Add missing “authorize” calls in Organizations#new and #create (#362)

Author: remi

app/controllers/web/organizations_controller.rb

@@ -8,6 +8,7 @@ def index; end
   # GET /organizations/new
   def new
     @organization = Organization.new
+    authorize! :create, @organization
   end
 
   # GET /organizations/:id/edit
@@ -16,6 +17,7 @@ def edit; end
   # POST /organizations
   def create
     @organization = Organization.new(organization_params)
+    authorize! :create, @organization
 
     if @organization.save
       redirect_to web_organizations_path, notice: t('.notice')