From e92239b78aaa3cf0d0e5496754fb1254cd33d8ab Mon Sep 17 00:00:00 2001
From: Darren Shepherd <darren@rancher.com>
Date: Tue, 16 Jan 2018 12:50:29 -0700
Subject: [PATCH] Ensure one can read the object with an action before running
 actionhandler

---
 api/server.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/server.go b/api/server.go
index 168bd9d2..ef7a2fee 100644
--- a/api/server.go
+++ b/api/server.go
@@ -5,6 +5,7 @@ import (
 
 	"sync"
 
+	"github.com/rancher/norman/api/access"
 	"github.com/rancher/norman/api/builtin"
 	"github.com/rancher/norman/api/handler"
 	"github.com/rancher/norman/api/writer"
@@ -220,8 +221,11 @@ func (s *Server) handle(rw http.ResponseWriter, req *http.Request) (*types.APICo
 	return apiRequest, nil
 }
 
-func handleAction(action *types.Action, request *types.APIContext) error {
-	return request.Schema.ActionHandler(request.Action, action, request)
+func handleAction(action *types.Action, context *types.APIContext) error {
+	if err := access.ByID(context, context.Version, context.Type, context.ID, nil); err != nil {
+		return err
+	}
+	return context.Schema.ActionHandler(context.Action, action, context)
 }
 
 func (s *Server) handleError(apiRequest *types.APIContext, err error) {