added security fix for edit page

Harry Bomrah 2014-07-31 17:47:11 +08:00
parent fb1a78c550
commit 01bb50fdec
1 changed files with 6 additions and 3 deletions


@ -41,9 +41,12 @@ class Admin::GalleriesController < OrbitAdminController
def edit def edit
@album = Album.find(params[:id]) @album = Album.find(params[:id])
if can_edit_or_delete?(@album)
@tags = @module_app.tags @tags = @module_app.tags
@categories = @module_app.categories @categories = @module_app.categories
else
render_401
end
end end
def set_cover def set_cover
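Review bot: The `can_edit_or_delete?(@album)` check added to `edit` protects only the action that renders the form. The actions that actually modify an album are not part of this hunk (`set_cover` begins right after it and its body is outside the view; update and destroy are presumably elsewhere in the controller), so unless they already carry the same check the authorization gap remains on the write path. I would move the lookup and the check into a shared filter, e.g. `before_action :authorize_album, only: [:edit, :update, :destroy, :set_cover]` (or `before_filter` on older Rails), where `authorize_album` sets `@album = Album.find(params[:id])` and calls `render_401 unless can_edit_or_delete?(@album)`; the action list is inferred and should be checked against the controller. A short comment on the filter saying which roles `can_edit_or_delete?` admits would help the next reader.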