summaryrefslogtreecommitdiff
path: root/modules/organize/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'modules/organize/controllers')
-rw-r--r--modules/organize/controllers/organize.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 259c94e7..08c80de3 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -45,9 +45,13 @@ class Organize_Controller extends Controller {
access::verify_csrf();
$target_album = ORM::factory("item", $target_album_id);
+ access::required("view", $target_album);
+ access::required("add", $target_album);
+
foreach ($this->input->post("source_ids") as $source_id) {
$source = ORM::factory("item", $source_id);
if (!$source->contains($target_album)) {
+ access::required("edit", $source);
item::move($source, $target_album);
}
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-14 14:50:37 +0000