Checked object permissions on admin history view.

This is a security fix. Disclosure and advisory coming shortly.

Patch by Russell Keith-Magee.