access to private discussions

This discussion is related to the api (json) addon.

I noticed that if I knew the ID, I could access a private discussion.

class DiscussionController extends APIController
{
public $Uses = array('Form', 'Database', 'CategoryModel', 'DiscussionModel', 'CommentModel');

public function Index()
{
$Limit = GetIncomingValue('limit', 5);
$Offset = GetIncomingValue('offset', 0);
$DiscussionID = GetIncomingValue('id', 0);
$Session = Gdn::Session();
$Discussion = $this->DiscussionModel->GetID($DiscussionID);
$this->Permission('Vanilla.Discussions.View', TRUE, 'Category', $Discussion->PermissionCategoryID); <<<<< ADDED<br />

that seems to fix it but I dont know if it's the right fix. Anyone know?