diff options
| -rw-r--r-- | modules/tag/controllers/tags.php | 2 | ||||
| -rw-r--r-- | modules/tag/helpers/tag.php | 2 | ||||
| -rw-r--r-- | modules/tag/helpers/tag_block.php | 2 |
3 files changed, 2 insertions, 4 deletions
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index 304d9bd0..7b16f751 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -51,7 +51,6 @@ class Tags_Controller extends REST_Controller { } public function _create($tag) { - // @todo: check permissions $form = tag::get_add_form($this->input->post('item_id')); if ($form->validate()) { $item = ORM::factory("item", $this->input->post("item_id")); @@ -63,7 +62,6 @@ class Tags_Controller extends REST_Controller { rest::http_location(url::site("tags/{$tag->id}")); } - // @todo Return appropriate HTTP status code indicating error. print $form; } diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 595f4b08..104d4a30 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -81,7 +81,7 @@ class tag_Core { public static function get_add_form($item_id) { $form = new Forge(url::site("tags"), "", "post", array("id" => "gAddTagForm")); - $group = $form->group(_("Add Tag")); + $group = $form->group("add_tag")->label(_("Add Tag")); $group->input("tag_name"); $group->hidden("item_id")->value($item_id); $group->submit(_("Add")); diff --git a/modules/tag/helpers/tag_block.php b/modules/tag/helpers/tag_block.php index 686f7876..37f7f21e 100644 --- a/modules/tag/helpers/tag_block.php +++ b/modules/tag/helpers/tag_block.php @@ -30,7 +30,7 @@ class tag_block_Core { $block->content = new View("tag_block.html"); $block->content->cloud = tag::cloud(30); - if ($theme->page_type() != "tag") { + if ($theme->page_type() != "tag" && access::can("edit", $theme->item())) { $controller = new Tags_Controller(); $block->content->form = tag::get_add_form($theme->item()); } else { |