bborn/communityengine

[fatal] album can be edited by other users

taro-k opened this issue 8 years ago · 0 comments

taro-k commented 8 years ago

The following album(id=1) belongs to user1
http://192.168.122.82/users/user1/albums/1/edit
can be edited and apply if user2 access by
http://192.168.122.82/users/user2/albums/1/edit