Added access check - not really necesssary because we're only doing a

redirect, but it's nice to be consistent. Follow-on for #1837.
author: Bharat Mediratta <bharat@menalto.com> 2012-06-11 12:47:44 -0700
committer: Bharat Mediratta <bharat@menalto.com> 2012-06-11 12:47:44 -0700
commit: edb17db8cf6c747e89b3139aec738bb39a7999dc (patch)
tree: 0f613025a23ab29b17cb9d40cfc3882fbe51bdf6 /modules/image_block/controllers
parent: 024e2c0cd42e6c12904f4da43a9c16134cac0cc6 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/image_block/controllers/image_block.php b/modules/image_block/controllers/image_block.php
index 94024b3b..4956c08d 100644
--- a/modules/image_block/controllers/image_block.php
+++ b/modules/image_block/controllers/image_block.php
@@ -20,6 +20,7 @@
 class Image_Block_Controller extends Controller {
   public function random($item_id) {
     $item = ORM::factory("item", $item_id);
+    access::required("view", $item);
     item::set_display_context_callback("Albums_Controller::get_display_context");
     url::redirect($item->abs_url());
   }
author	Bharat Mediratta <bharat@menalto.com>	2012-06-11 12:47:44 -0700
committer	Bharat Mediratta <bharat@menalto.com>	2012-06-11 12:47:44 -0700
commit	edb17db8cf6c747e89b3139aec738bb39a7999dc (patch)
tree	0f613025a23ab29b17cb9d40cfc3882fbe51bdf6 /modules/image_block/controllers
parent	024e2c0cd42e6c12904f4da43a9c16134cac0cc6 (diff)