added security fix for edit page
This commit is contained in:
parent
fb1a78c550
commit
01bb50fdec
|
@ -41,9 +41,12 @@ class Admin::GalleriesController < OrbitAdminController
|
||||||
|
|
||||||
def edit
|
def edit
|
||||||
@album = Album.find(params[:id])
|
@album = Album.find(params[:id])
|
||||||
|
if can_edit_or_delete?(@album)
|
||||||
@tags = @module_app.tags
|
@tags = @module_app.tags
|
||||||
@categories = @module_app.categories
|
@categories = @module_app.categories
|
||||||
|
else
|
||||||
|
render_401
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def set_cover
|
def set_cover
|
||||||
|
|
Loading…
Reference in New Issue