added security fix for edit page

app/controllers/admin/galleries_controller.rb

@@ -41,9 +41,12 @@ class Admin::GalleriesController < OrbitAdminController
 
   def edit
       @album = Album.find(params[:id])
-      @tags = @module_app.tags
+      if can_edit_or_delete?(@album)
-    @categories = @module_app.categories
+        @tags = @module_app.tags
-
+        @categories = @module_app.categories
+      else
+        render_401
+      end
   end
 
   def set_cover