Added ownership test to controller tasks.

components/journal/controllers/entry.php

@@ -56,8 +56,10 @@ public function Display ( $pView = null, $pData = array ( ) ) {
 
 	public function Add ( $pView = null, $pData = array ( ) ) {
 
-		$this->_Focus = $this->Talk ( 'User', 'Focus' );
-		$this->_Current = $this->Talk ( 'User', 'Current' );
+		if ( !$this->_CheckAccess ( ) ) {
+			$this->GetSys ( 'Foundation' )->Redirect ( 'common/403.php' );
+			return ( false );
+		}
 
 		$this->View = $this->GetView ( 'edit' );
 
@@ -70,8 +72,10 @@ public function Add ( $pView = null, $pData = array ( ) ) {
 
 	public function Edit ( $pView = null, $pData = array ( ) ) {
 
-		$this->_Focus = $this->Talk ( 'User', 'Focus' );
-		$this->_Current = $this->Talk ( 'User', 'Current' );
+		if ( !$this->_CheckAccess ( ) ) {
+			$this->GetSys ( 'Foundation' )->Redirect ( 'common/403.php' );
+			return ( false );
+		}
 
 		$Identifier = $this->GetSys ( 'Request' )->Get ( 'Identifier' );
 
@@ -141,8 +145,10 @@ private function _PrepEdit ( ) {
 
 	public function Save ( ) {
 
-		$this->_Focus = $this->Talk ( 'User', 'Focus' );
-		$this->_Current = $this->Talk ( 'User', 'Current' );
+		if ( !$this->_CheckAccess ( ) ) {
+			$this->GetSys ( 'Foundation' )->Redirect ( 'common/403.php' );
+			return ( false );
+		}
 
 		$this->Model = $this->GetModel ();
 
@@ -172,11 +178,25 @@ public function Save ( ) {
 		exit;
 	}
 
-	public function Cancel ( ) {
+	private function _CheckAccess ( ) {
 
 		$this->_Focus = $this->Talk ( 'User', 'Focus' );
 		$this->_Current = $this->Talk ( 'User', 'Current' );
 
+		if ( ( $this->_Focus->Username != $this->_Current->Username ) or ( $this->_Focus->Domain != $this->_Current->Domain ) ) {
+			return ( false );
+		}
+
+		return ( true );
+	}
+
+	public function Cancel ( ) {
+
+		if ( !$this->_CheckAccess ( ) ) {
+			$this->GetSys ( 'Foundation' )->Redirect ( 'common/403.php' );
+			return ( false );
+		}
+
 		$Identifier = $this->GetSys ( 'Request' )->Get ( 'Identifier' );
 
 		if ( $Identifier ) {