diff options
| author | andyst <andy.st@gmail.com> | 2009-06-01 23:45:37 -0700 |
|---|---|---|
| committer | andyst <andy.st@gmail.com> | 2009-06-01 23:45:37 -0700 |
| commit | 02a840c84cada5a1c0cc0768f350424460310e5d (patch) | |
| tree | 6a35d4afddcf291327a4ff42245bca17328084ae /modules/gallery/controllers/move.php | |
| parent | d0845aadc629cf10b8eee490a651c039750a1430 (diff) | |
| parent | 3b6567f38c206f1302c7b22d94d5eae4b458311a (diff) | |
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/gallery/controllers/move.php')
| -rw-r--r-- | modules/gallery/controllers/move.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php index 130c247f..93ef05a6 100644 --- a/modules/gallery/controllers/move.php +++ b/modules/gallery/controllers/move.php @@ -20,6 +20,7 @@ class Move_Controller extends Controller { public function browse($source_id) { $source = ORM::factory("item", $source_id); + access::required("view", $source); access::required("edit", $source); $view = new View("move_browse.html"); @@ -33,6 +34,11 @@ class Move_Controller extends Controller { $source = ORM::factory("item", $source_id); $target = ORM::factory("item", $this->input->post("target_id")); + access::required("view", $source); + access::required("edit", $source); + access::required("view", $target); + access::required("edit", $target); + item::move($source, $target); print json_encode( @@ -43,8 +49,11 @@ class Move_Controller extends Controller { public function show_sub_tree($source_id, $target_id) { $source = ORM::factory("item", $source_id); $target = ORM::factory("item", $target_id); + access::required("view", $source); access::required("edit", $source); access::required("view", $target); + // show targets even if they're not editable because they may contain children which *are* + // editable print $this->_get_tree_html($source, $target); } |