diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2008-12-09 10:14:09 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-09 10:14:09 +0000 |
| commit | 4a0e4b798e6ea3341b1bbc902b9e1e5f2c96692d (patch) | |
| tree | cb4c1ea6834c455ce87d345ad5085504b78d5d88 /core/controllers/albums.php | |
| parent | e62103b8d9463bf409881d17a4bda93f3ca3208d (diff) | |
Check view permissions before allowing view access to albums/photos.
Diffstat (limited to 'core/controllers/albums.php')
| -rw-r--r-- | core/controllers/albums.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/controllers/albums.php b/core/controllers/albums.php index e684fa6b..bba7fd6e 100644 --- a/core/controllers/albums.php +++ b/core/controllers/albums.php @@ -23,6 +23,10 @@ class Albums_Controller extends Items_Controller { * @see Rest_Controller::_show($resource) */ public function _show($item) { + if (!access::can("view", $item->id)) { + return Kohana::show_404(); + } + // @todo: these need to be pulled from the database $theme_name = "default"; $page_size = 9; |