diff --git a/controllers/EditAsset.php b/controllers/EditAsset.php
index 19cf70b..d5582d1 100644
--- a/controllers/EditAsset.php
+++ b/controllers/EditAsset.php
@@ -30,33 +30,39 @@ class EditAsset extends HTMLController header('Location: ' . $redirectUrl); exit; } - else if ((isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio'])) && Session::validateSession('get')) + else { - if (isset($_REQUEST['inc_prio'])) - $priority = $asset->priority + 1; - else - $priority = $asset->priority - 1; + $isPrioChange = isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio']); + $isCoverChange = isset($_REQUEST['album_cover'], $_REQUEST['in']); + $madeChanges = false; - $asset->priority = max(0, min(100, $priority)); - $asset->save(); + if ($user->isAdmin() && $isPrioChange && Session::validateSession('get')) + { + if (isset($_REQUEST['inc_prio'])) + $priority = $asset->priority + 1; + else + $priority = $asset->priority - 1; - if (isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER']); - else - header('Location: ' . BASEURL . '/' . $asset->getSubdir()); - exit; - } - else if (isset($_REQUEST['album_cover'], $_REQUEST['in']) && Session::validateSession('get')) - { - $tag = Tag::fromId($_REQUEST['in']); - $tag->id_asset_thumb = $asset->getId(); - $tag->save(); + $asset->priority = max(0, min(100, $priority)); + $asset->save(); + $madeChanges = true; + } + elseif ($user->isAdmin() && $isCoverChange && Session::validateSession('get')) + { + $tag = Tag::fromId($_REQUEST['in']); + $tag->id_asset_thumb = $asset->getId(); + $tag->save(); + $madeChanges = true; + } - if (isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER']); - else - header('Location: ' . BASEURL . '/' . $asset->getSubdir()); - exit; + if ($madeChanges) + { + if (isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER']); + else + header('Location: ' . BASEURL . '/' . $asset->getSubdir()); + exit; + } } // Get a list of available photo albums
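Review bot: The redirect issued once `$madeChanges` is true still sends the browser to `$_SERVER['HTTP_REFERER']` unchecked, which is an open redirect: the Referer is client-controlled, so an admin who follows a crafted link lands on an attacker-chosen host right after the priority/cover write has been committed. The new side already computes a safe fallback from BASEURL, so the referer should only be honoured when it points back to this site, e.g. `$ref = $_SERVER['HTTP_REFERER'] ?? '';` / `$target = strpos($ref, BASEURL . '/') === 0 ? $ref : BASEURL . '/' . $asset->getSubdir();` / `header('Location: ' . $target);` (this assumes BASEURL is the absolute site prefix, as its use on the fallback line suggests). Separately, the cover branch passes the raw `$_REQUEST['in']` to `Tag::fromId` and dereferences the result without a check; if fromId can return null for an unknown id (not visible in this hunk) the request faults on `->id_asset_thumb`, so cast the id to int and skip `save()` when no tag comes back. The enclosing method starts before this hunk and continues after it.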