Merge branch 'master' of git@github.com:gallery/gallery3

author: andyst <andy.st@gmail.com> 2009-06-01 23:45:37 -0700
committer: andyst <andy.st@gmail.com> 2009-06-01 23:45:37 -0700
commit: 02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree: 6a35d4afddcf291327a4ff42245bca17328084ae /modules/gallery/controllers/permissions.php
parent: d0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent: 3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index b0cee303..c776a0fd 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -20,6 +20,7 @@
 class Permissions_Controller extends Controller {
   function browse($id) {
     $item = ORM::factory("item", $id);
+    access::required("view", $item);
     access::required("edit", $item);
 
     if (!$item->is_album()) {
@@ -37,6 +38,7 @@ class Permissions_Controller extends Controller {
 
   function form($id) {
     $item = ORM::factory("item", $id);
+    access::required("view", $item);
     access::required("edit", $item);
 
     if (!$item->is_album()) {
@@ -48,9 +50,11 @@ class Permissions_Controller extends Controller {
 
   function change($command, $group_id, $perm_id, $item_id) {
     access::verify_csrf();
+
     $group = ORM::factory("group", $group_id);
     $perm = ORM::factory("permission", $perm_id);
     $item = ORM::factory("item", $item_id);
+    access::required("view", $item);
     access::required("edit", $item);
 
     if ($group->loaded && $perm->loaded && $item->loaded) {
author	andyst <andy.st@gmail.com>	2009-06-01 23:45:37 -0700
committer	andyst <andy.st@gmail.com>	2009-06-01 23:45:37 -0700
commit	02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree	6a35d4afddcf291327a4ff42245bca17328084ae /modules/gallery/controllers/permissions.php
parent	d0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent	3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)