aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorredmatrix <mike@macgirvin.com>2016-08-30 20:54:54 -0700
committerredmatrix <mike@macgirvin.com>2016-08-30 20:54:54 -0700
commitbf3a4095694808486106fcce7cc371ce5c13f587 (patch)
tree5b716e43ce48a451a2fd221800f2889ab45e3c3a /Zotlabs/Module
parent68f6baf938b6f8313fce50c2a79c14fd8795e5a7 (diff)
downloadvolse-hubzilla-bf3a4095694808486106fcce7cc371ce5c13f587.tar.gz
volse-hubzilla-bf3a4095694808486106fcce7cc371ce5c13f587.tar.bz2
volse-hubzilla-bf3a4095694808486106fcce7cc371ce5c13f587.zip
only check permissions on normal photos and force cover photos as well as profile photos to be public. As a side effect 'thing' photos will also be considered public.
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Photo.php9
1 files changed, 9 insertions, 0 deletions
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index 66aaec49f..a16206299 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -133,7 +133,16 @@ class Photo extends \Zotlabs\Web\Controller {
$allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true);
$sql_extra = permissions_sql($r[0]['uid']);
+
+ if(! $sql_extra)
+ $sql_extra = ' and true ';
+
+ // Only check permissions on normal photos. Those photos we don't check includes
+ // profile photos, xchan photos (which are also profile photos), 'thing' photos,
+ // and cover photos
+ $sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )";
+
$channel = channelx_by_n($r[0]['uid']);
// Now we'll see if we can access the photo