Validate on server that user can only update template they are allowed to edit

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Edit a template that user has access to
2. Use a tool to tamper the request data when saving before it is sent to 
server, such that you change the template id and various parameters to refer to 
a template that is not shared and the user doesn't have access to.

What is the expected output? What do you see instead?
1. The server should validate that template is allowed to be edited by the user 
and throw an error if it isn't, rather than attempt to save it.

Original issue reported on code.google.com by joshdrum...@gmail.com on 4 Dec 2010 at 12:55

[GoogleCodeExporter]

Original comment by joshdrum...@gmail.com on 5 Dec 2010 at 4:43

• Changed state: Fixed

[GoogleCodeExporter]

Original comment by joshdrum...@gmail.com on 27 Dec 2010 at 8:11

• Added labels: Milestone-Release1.0, Security