From c52a231bc08558077788601cbd8a97cd514f1a63 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 13 May 2009 18:03:50 +0000
Subject: Create a new "add" permission and require it at the controller level
 when adding photos/movies/albums

---
 core/controllers/albums.php          | 8 ++++----
 core/controllers/simple_uploader.php | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'core/controllers')

diff --git a/core/controllers/albums.php b/core/controllers/albums.php
index adf59c02..6b976163 100644
--- a/core/controllers/albums.php
+++ b/core/controllers/albums.php
@@ -75,7 +75,7 @@ class Albums_Controller extends Items_Controller {
    * @see REST_Controller::_create($resource)
    */
   public function _create($album) {
-    access::required("edit", $album);
+    access::required("add", $album);
 
     switch ($this->input->post("type")) {
     case "album":
@@ -90,7 +90,7 @@ class Albums_Controller extends Items_Controller {
   }
 
   private function _create_album($album) {
-    access::required("edit", $album);
+    access::required("add", $album);
 
     $form = album::get_add_form($album);
     if ($form->validate()) {
@@ -117,7 +117,7 @@ class Albums_Controller extends Items_Controller {
   }
 
   private function _create_photo($album) {
-    access::required("edit", $album);
+    access::required("add", $album);
 
     // If we set the content type as JSON, it triggers saving the result as
     // a document in the browser (well, in Chrome at least).
@@ -185,7 +185,7 @@ class Albums_Controller extends Items_Controller {
    */
   public function _form_add($album_id) {
     $album = ORM::factory("item", $album_id);
-    access::required("edit", $album);
+    access::required("add", $album);
 
     switch ($this->input->get("type")) {
     case "album":
diff --git a/core/controllers/simple_uploader.php b/core/controllers/simple_uploader.php
index 479082d5..8d8bbbc0 100644
--- a/core/controllers/simple_uploader.php
+++ b/core/controllers/simple_uploader.php
@@ -33,7 +33,7 @@ class Simple_Uploader_Controller extends Controller {
 
   public function add_photo($id) {
     $album = ORM::factory("item", $id);
-    access::required("edit", $album);
+    access::required("add", $album);
     access::verify_csrf();
 
     $file_validation = new Validation($_FILES);
-- 
cgit v1.2.3