From 94855f8900d15b300b472d90a3538d84d7642dcf Mon Sep 17 00:00:00 2001
From: Harry Bomrah
Date: Thu, 31 Jul 2014 17:42:11 +0800
Subject: [PATCH] added security fix for edit

---
 app/controllers/admin/ad_images_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/ad_images_controller.rb b/app/controllers/admin/ad_images_controller.rb
index 42e851e..5f6841a 100644
--- a/app/controllers/admin/ad_images_controller.rb
+++ b/app/controllers/admin/ad_images_controller.rb
@@ -11,8 +11,12 @@ class Admin::AdImagesController < Admin::AdBannersController
 
   def edit
     @ad_image = AdImage.find(params[:id])
+    if can_edit_or_delete?(@ad_image)
     @ad_banners = Banner.all
-    @tags = @module_app.tags || []
+      @tags = @module_app.tags || []
+    else
+      render_401
+    end
   end
 
   def update
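Review bot: The new `can_edit_or_delete?(@ad_image)` guard protects only the GET `edit` action, while `update` begins on the hunk's last line with its body outside the hunk; if `update` (and any `destroy`) does not repeat the same check, the record can still be modified by the request that actually persists changes, so the authorization belongs on the mutating actions too, most naturally as a `before_action` limited to edit/update/destroy rather than an inline `if` per action. Whether `render_401` halts the action cannot be seen here; if it only sets a status without rendering, `edit` would fall through to its default template, so confirm it performs a render. As a style point, `@ad_banners = Banner.all` is an unchanged context line that now sits inside the `if` body and presumably keeps its old indentation; re-indent it to match the `@tags` line.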