Diffstat (limited to 'lib/helper.rb')
-rw-r--r--lib/helper.rb3
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 191b932..a1590d7 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -19,8 +19,6 @@ helpers do
#Check Authorization for URI with method and subjectid.
def authorized?(subjectid)
- # hack for reports, address problem as soon as subjectid is not longer allowed as param
- return true if request.env['REQUEST_URI'] =~ /validation\/report\/.*svg$/
request_method = request.env['REQUEST_METHOD']
uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/
@@ -52,6 +50,7 @@ before do
subjectid = session[:subjectid] if session[:subjectid]
subjectid = params[:subjectid] if params[:subjectid] and !subjectid
subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !subjectid
+ subjectid = request.cookies["subjectid"] unless subjectid
# see http://rack.rubyforge.org/doc/SPEC.html
subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
@subjectid = subjectid
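Review bot: The added fallback `request.cookies["subjectid"]` makes the token ambient, because a browser attaches the cookie to every request to this host, including requests triggered from another site, whereas the `params` and `HTTP_SUBJECTID` sources above require the caller to supply it explicitly. Nothing visible in the hunk checks the request origin or a CSRF token for state-changing methods, so confirm that such a check exists elsewhere, or accept the cookie only for safe methods, and that the cookie is issued with HttpOnly and Secure. Separately, if no source yields a token, `subjectid` is still nil at `subjectid.include?("%23")` and raises NoMethodError unless the enclosing `before` block, which starts and ends outside this hunk, rescues it; `if subjectid && subjectid.include?("%23")` would make the nil case explicit. A comment on the new line such as `# browser fallback: cookie is sent automatically, relies on CSRF protection` would record the trade-off.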