Proper authentication check

Bakual · May 12, 2016 · c25637f · c25637f
1 parent db20f94
commit c25637f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/com_sermonspeaker/site/views/frontendupload/view.html.php b/com_sermonspeaker/site/views/frontendupload/view.html.php
@@ -141,7 +141,12 @@ public function display($tpl = null)
 		}
 		else
 		{
-			$authorised = ($this->user->authorise('core.edit', 'com_sermonspeaker'));
+			$authorised = ($this->user->authorise('core.edit', 'com_sermonspeaker.category.' . $this->item->catid));
+
+			if (!$authorised && ($this->item->created_by == $this->user->id))
+			{
+				$authorised = ($this->user->authorise('core.edit.own', 'com_sermonspeaker.category.' . $this->item->catid));
+			}
 		}
 
 		if ($authorised !== true)