EditAsset: allow users to edit their own photos

controllers/EditAsset.php

@@ -10,10 +10,6 @@ class EditAsset extends HTMLController
 {
 	public function __construct()
 	{
-		// Ensure it's just admins at this point.
-		if (!Registry::get('user')->isAdmin())
-			throw new NotAllowedException();
-
 		if (empty($_GET['id']))
 			throw new Exception('Invalid request.');
 
@@ -21,6 +17,11 @@ class EditAsset extends HTMLController
 		if (empty($asset))
 			throw new NotFoundException('Asset not found');
 
+		// Can we edit this asset?
+		$user = Registry::get('user');
+		if (!($user->isAdmin() || $asset->isOwnedBy($user)))
+			throw new NotAllowedException();
+
 		if (isset($_REQUEST['delete']))
 			throw new Exception('Not implemented.');