bug #99 - don't show album name/link if photos are private
This commit is contained in:
parent
994011ddb6
commit
8819c73ba1
|
@ -23,7 +23,41 @@ function photos_init(&$a) {
|
|||
|
||||
$a->data['user'] = $r[0];
|
||||
|
||||
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
|
||||
|
||||
// default permissions - anonymous user
|
||||
|
||||
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
|
||||
|
||||
// Profile owner - everything is visible
|
||||
|
||||
if(local_user() && (local_user() == $a->data['user']['uid'])) {
|
||||
$sql_extra = '';
|
||||
}
|
||||
elseif(remote_user()) {
|
||||
|
||||
$groups = init_groups_visitor(remote_user());
|
||||
|
||||
// authenticated visitor - here lie dragons
|
||||
$gs = '<<>>'; // should be impossible to match
|
||||
if(count($groups)) {
|
||||
foreach($groups as $g)
|
||||
$gs .= '|<' . intval($g) . '>';
|
||||
}
|
||||
$sql_extra = sprintf(
|
||||
" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
|
||||
AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
|
||||
AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
|
||||
AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
|
||||
|
||||
intval(remote_user()),
|
||||
intval(remote_user()),
|
||||
dbesc($gs),
|
||||
dbesc($gs)
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ",
|
||||
intval($a->data['user']['uid'])
|
||||
);
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user