Add an extra check if the record can be edited.

Author: laoneo

libraries/legacy/controller/form.php

@@ -865,6 +865,17 @@ public function reload($key = null, $urlVar = null)
 
 		$recordId = $this->input->getInt($urlVar);
 
+		if (!$this->allowEdit($data, $key))
+		{
+			$app->redirect(
+				JRoute::_(
+					'index.php?option=' . $this->option . '&view=' . $this->view_list
+					. $this->getRedirectToListAppend(), false
+				)
+			);
+			$app->close();
+		}
+
 		// Populate the row id from the session.
 		$data[$key] = $recordId;