Create a new "add" permission and require it at the controller level

when adding photos/movies/albums
author: Bharat Mediratta <bharat@menalto.com> 2009-05-13 18:03:50 +0000
committer: Bharat Mediratta <bharat@menalto.com> 2009-05-13 18:03:50 +0000
commit: c52a231bc08558077788601cbd8a97cd514f1a63 (patch)
tree: 57e9e445ea2824d40405244d13b2fc5c919587a6 /modules/server_add
parent: 5c40669fd7b5a2b89d8e8dfb283c2703d0979d49 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index 8d3986b0..7cb9a9e2 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -23,6 +23,7 @@ class Server_Add_Controller extends Controller {
 
     $item = ORM::factory("item", $id);
     access::required("server_add", $item);
+    access::required("add", $item);
 
     $view = new View("server_add_tree_dialog.html");
     $view->action = url::site("__ARGS__/{$id}__TASK_ID__?csrf=" . access::csrf_token());
diff --git a/modules/server_add/helpers/server_add_task.php b/modules/server_add/helpers/server_add_task.php
index 3ed770e8..e3e22ab4 100644
--- a/modules/server_add/helpers/server_add_task.php
+++ b/modules/server_add/helpers/server_add_task.php
@@ -32,6 +32,7 @@ class server_add_task_Core {
         $file = $context["files"][$path][$context["position"]];
         $parent = ORM::factory("item", $file["parent_id"]);
         access::required("server_add", $parent);
+        access::required("add", $parent);
         if (!$parent->is_album()) {
           throw new Exception("@todo BAD_ALBUM");
         }
author	Bharat Mediratta <bharat@menalto.com>	2009-05-13 18:03:50 +0000
committer	Bharat Mediratta <bharat@menalto.com>	2009-05-13 18:03:50 +0000
commit	c52a231bc08558077788601cbd8a97cd514f1a63 (patch)
tree	57e9e445ea2824d40405244d13b2fc5c919587a6 /modules/server_add
parent	5c40669fd7b5a2b89d8e8dfb283c2703d0979d49 (diff)