diff options
| author | Chad Kieffer <ckieffer@gmail.com> | 2009-06-02 22:55:23 -0600 |
|---|---|---|
| committer | Chad Kieffer <ckieffer@gmail.com> | 2009-06-02 22:55:23 -0600 |
| commit | 1df6db45dc569cc6f18a9d1622fce5ebe62f8d30 (patch) | |
| tree | e4e8cac619bc2443c3e26d0f87a25c51f8a3b273 /modules/gallery/controllers/permissions.php | |
| parent | 2bd8051c28621f6c25a3f85b73da2f94d62440f2 (diff) | |
| parent | dde5fb96ee9db5a67b286ea4ac4f35190453a6ef (diff) | |
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/gallery/controllers/permissions.php')
| -rw-r--r-- | modules/gallery/controllers/permissions.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index b0cee303..c776a0fd 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -20,6 +20,7 @@ class Permissions_Controller extends Controller { function browse($id) { $item = ORM::factory("item", $id); + access::required("view", $item); access::required("edit", $item); if (!$item->is_album()) { @@ -37,6 +38,7 @@ class Permissions_Controller extends Controller { function form($id) { $item = ORM::factory("item", $id); + access::required("view", $item); access::required("edit", $item); if (!$item->is_album()) { @@ -48,9 +50,11 @@ class Permissions_Controller extends Controller { function change($command, $group_id, $perm_id, $item_id) { access::verify_csrf(); + $group = ORM::factory("group", $group_id); $perm = ORM::factory("permission", $perm_id); $item = ORM::factory("item", $item_id); + access::required("view", $item); access::required("edit", $item); if ($group->loaded && $perm->loaded && $item->loaded) { |