diff options
Diffstat (limited to 'modules/organize/controllers')
| -rw-r--r-- | modules/organize/controllers/organize.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 4639777c..08c80de3 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -45,16 +45,20 @@ class Organize_Controller extends Controller { access::verify_csrf(); $target_album = ORM::factory("item", $target_album_id); + access::required("view", $target_album); + access::required("add", $target_album); + foreach ($this->input->post("source_ids") as $source_id) { $source = ORM::factory("item", $source_id); if (!$source->contains($target_album)) { + access::required("edit", $source); item::move($source, $target_album); } } print json_encode( - array("tree" => self::_expanded_tree(ORM::factory("item", 1), $album)->__toString(), - "grid" => self::_get_micro_thumb_grid($album, 0)->__toString())); + array("tree" => self::_expanded_tree(ORM::factory("item", 1), $target_album)->__toString(), + "grid" => self::_get_micro_thumb_grid($target_album, 0)->__toString())); } function rearrange($target_id, $before_or_after) { |