0
@@ -1,6 +1,8 @@
0
 class Admin::AssetsController < Admin::BaseController
0
   member_actions.push(*%w(index new create latest search add_bucket clear_bucket))
0
+  skip_before_filter :login_required
0
   before_filter :find_asset, :except => [:index, :new, :create, :latest, :search, :upload, :clear_bucket]
0
+  before_filter :login_required
0
 
0
   def index
0
     search_assets 24
0
@@ -134,4 +136,8 @@ class Admin::AssetsController < Admin::BaseController
0
         :conditions => "site_id = #{site.id} #{type_conditions && "and #{type_conditions}"} AND #{search_conditions[:conditions]}", 
0
         :include => search_conditions[:include])
0
     end
0
+    
0
+    def allow_member?
0
+      @asset && @asset.user_id.to_s == current_user.id.to_s
0
+    end
0
 end

0
@@ -7,8 +7,14 @@ class Admin::BaseController < ApplicationController
0
   before_filter :login_required, :except => :feed
0
 
0
   protected
0
+    # standard authorization method.  allow logged in users that are admins, or members in certain actions
0
     def authorized?
0
-      logged_in? && (admin? || member_actions.include?(action_name))
0
+      logged_in? && (admin? || member_actions.include?(action_name) || allow_member?)
0
+    end
0
+
0
+    # further customize the authorization process, for those special methods that require extra validation
0
+    def allow_member?
0
+      true
0
     end
0
 
0
     def find_and_sort_templates

0
@@ -17,6 +17,7 @@ gif:
0
   created_at: <%= 11.minutes.ago.to_s :db %>
0
   title: gif
0
   thumbnails_count: 1
0
+  user_id: 4
0
 png:
0
   id: 2
0
   content_type: image/png