diff options
| author | Michael Meer <michael@meer.name> | 2013-01-14 13:57:54 +0100 |
|---|---|---|
| committer | Michael Meer <michael@meer.name> | 2013-01-14 13:57:54 +0100 |
| commit | 1dd188a29e60bf0fb7b4c085250f1da2eb07538f (patch) | |
| tree | 8c870de7b49c21332975d1fd6b764cb91c651857 | |
| parent | 3a5fea516a2b7a849d3d6969cf74dff643c88e52 (diff) | |
| download | volse-hubzilla-1dd188a29e60bf0fb7b4c085250f1da2eb07538f.tar.gz volse-hubzilla-1dd188a29e60bf0fb7b4c085250f1da2eb07538f.tar.bz2 volse-hubzilla-1dd188a29e60bf0fb7b4c085250f1da2eb07538f.zip | |
rewrite of // get the current observerwith
| -rw-r--r-- | boot.php | 26 |
1 files changed, 15 insertions, 11 deletions
@@ -1249,19 +1249,23 @@ function profile_load(&$a, $nickname, $profile = 0) { return; } - if(remote_user() && count($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $visitor) { - if($visitor['uid'] == $user[0]['channel_id']) { - $r = q("SELECT `profile_id` FROM `contact` WHERE `id` = %d LIMIT 1", - intval($visitor['cid']) - ); - if(count($r)) - $profile = $r[0]['profile_id']; - break; - } - } + // get the current observer + $observer = $a->get_observer(); + + // Can the observer see our profile? + require_once('include/permissions.php'); + if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile') { + // permission denied + //TODO: place error message + return; } + $r = q("SELECT abook_profile FROM abook WHERE abook_xchan = '%s' limit 1", + dbesc($observer['xchan_hash']) + ); + if($r) + $profile = $r[0]['abook_profile']; + $r = null; //TODO needs avatar_date !! |