Index: app/models/user.rb
===================================================================
--- app/models/user.rb  (revision 2903)
+++ app/models/user.rb  (working copy)
@@ -273,7 +273,7 @@

       roles = roles_for_project(project)
       return false unless roles
-      roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
+      roles.detect {|role| role.allowed_to?(action)}

     elsif options[:global]
       # Admin users are always authorized