summaryrefslogtreecommitdiff
path: root/modules/gallery/controllers/permissions.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/controllers/permissions.php')
-rw-r--r--modules/gallery/controllers/permissions.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index b0cee303..c776a0fd 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -20,6 +20,7 @@
class Permissions_Controller extends Controller {
function browse($id) {
$item = ORM::factory("item", $id);
+ access::required("view", $item);
access::required("edit", $item);
if (!$item->is_album()) {
@@ -37,6 +38,7 @@ class Permissions_Controller extends Controller {
function form($id) {
$item = ORM::factory("item", $id);
+ access::required("view", $item);
access::required("edit", $item);
if (!$item->is_album()) {
@@ -48,9 +50,11 @@ class Permissions_Controller extends Controller {
function change($command, $group_id, $perm_id, $item_id) {
access::verify_csrf();
+
$group = ORM::factory("group", $group_id);
$perm = ORM::factory("permission", $perm_id);
$item = ORM::factory("item", $item_id);
+ access::required("view", $item);
access::required("edit", $item);
if ($group->loaded && $perm->loaded && $item->loaded) {
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-14 11:38:58 +0000