EditAsset: allow users to edit their own photos

controllers/EditAsset.php

@@ -10,10 +10,6 @@ class EditAsset extends HTMLController
 {
 	public function __construct()
 	{
-		// Ensure it's just admins at this point.
-		if (!Registry::get('user')->isAdmin())
-			throw new NotAllowedException();
-
 		if (empty($_GET['id']))
 			throw new Exception('Invalid request.');
 
@@ -21,6 +17,11 @@ class EditAsset extends HTMLController
 		if (empty($asset))
 			throw new NotFoundException('Asset not found');
 
+		// Can we edit this asset?
+		$user = Registry::get('user');
+		if (!($user->isAdmin() || $asset->isOwnedBy($user)))
+			throw new NotAllowedException();
+
 		if (isset($_REQUEST['delete']))
 			throw new Exception('Not implemented.');
 

models/Asset.php

@@ -383,6 +383,11 @@ class Asset
 		return new Image(get_object_vars($this));
 	}
 
+	public function isOwnedBy(User $user)
+	{
+		return $this->id_user_uploaded == $user->getUserId();
+	}
+
 	public function replaceFile($filename)
 	{
 		// No filename? Abort!