From edb17db8cf6c747e89b3139aec738bb39a7999dc Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 11 Jun 2012 12:47:44 -0700
Subject: Added access check - not really necesssary because we're only doing a
 redirect, but it's nice to be consistent.  Follow-on for #1837.

---
 modules/image_block/controllers/image_block.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/image_block')

diff --git a/modules/image_block/controllers/image_block.php b/modules/image_block/controllers/image_block.php
index 94024b3b..4956c08d 100644
--- a/modules/image_block/controllers/image_block.php
+++ b/modules/image_block/controllers/image_block.php
@@ -20,6 +20,7 @@
 class Image_Block_Controller extends Controller {
   public function random($item_id) {
     $item = ORM::factory("item", $item_id);
+    access::required("view", $item);
     item::set_display_context_callback("Albums_Controller::get_display_context");
     url::redirect($item->abs_url());
   }
-- 
cgit v1.2.3