From 0b5e294a929aeb8c223ab44aaeca51a00cb9b6ed Mon Sep 17 00:00:00 2001
From: Sergey Polischuk
Date: Tue, 18 Nov 2014 14:24:17 +0200
Subject: [PATCH] Fixed user comparison for AlbumController:checkAlbumOwning method
---
 Controller/AlbumController.php | 8 +++++++-
 SecurityHelper.php | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Controller/AlbumController.php b/Controller/AlbumController.php
index 684cc14..ed25941 100644
--- a/Controller/AlbumController.php
+++ b/Controller/AlbumController.php
@@ -131,9 +131,15 @@ protected function getAlbumUrl(AlbumInterface $album)
 return $this->container->get('foq_album.url_generator')->getAlbumUrl('foq_album_album_show', $album);
 }
+ /**
+ * @param AlbumInterface $album
+ * @throws AccessDeniedException
+ * @return void
+ */
 protected function checkAlbumOwning(AlbumInterface $album)
 {
- if ($album->getUser() !== $this->container->get('foq_album.security_helper')->getUser()) {
+ if (!$this->container->get('foq_album.security_helper') ||
+ $album->getUser()->getId() !== $this->container->get('foq_album.security_helper')->getUser()->getId()) {
 throw new AccessDeniedException();
 }
 }
diff --git a/SecurityHelper.php b/SecurityHelper.php
index 699bb8e..48f5be3 100644
--- a/SecurityHelper.php
+++ b/SecurityHelper.php
@@ -14,6 +14,9 @@ public function __construct(SecurityContext $securityContext)
 $this->securityContext = $securityContext;
 }
+ /**
+ * @return void|User
+ */
 public function getUser()
 {
 if ($token = $this->securityContext->getToken()) {
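Review bot: The added `!$this->container->get('foq_album.security_helper')` guard in `checkAlbumOwning` tests the service object, not the user it returns, so a request with no logged-in user would still reach `->getUser()->getId()` and end in a fatal error rather than `AccessDeniedException`. The docblock this same commit adds to `SecurityHelper::getUser()` (`@return void|User`) says the result may be empty, and `$album->getUser()` is dereferenced unchecked as well. Fetch the user once and test it before comparing: `$user = $this->container->get('foq_album.security_helper')->getUser();` followed by `if (!is_object($user) || !is_object($album->getUser()) || $album->getUser()->getId() !== $user->getId()) {`. Note also that `!==` on ids treats `5` and `'5'` as different owners and two `null` ids as the same owner, so it is worth confirming that both sides return persisted ids of the same type.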
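Review bot: `@return void|User` on `SecurityHelper::getUser()` documents "no value" for a method whose result callers dereference; the no-user case should be written as a value, `@return User|null`, so static analysis flags unchecked `->getId()` calls such as the one in `checkAlbumOwning`. The body of `getUser()` continues past the end of this hunk, so what it returns without a token is not visible here; if it passes through the token's user unchanged, that value may be a non-object for anonymous tokens and the docblock should say so. `User` should also resolve to an imported class or be written fully qualified, which cannot be confirmed from the lines shown.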