diff options
| author | Friendika <info@friendika.com> | 2011-06-30 03:39:08 -0700 |
|---|---|---|
| committer | Friendika <info@friendika.com> | 2011-06-30 03:39:08 -0700 |
| commit | 8819c73ba1ae1cbf19d2c517a87d30104d1a5da1 (patch) | |
| tree | 66855c6d1831d8487584d599b895e1ba6dea676a /mod | |
| parent | 994011ddb6cc1097214537160a10bf710aedc553 (diff) | |
| download | volse-hubzilla-8819c73ba1ae1cbf19d2c517a87d30104d1a5da1.tar.gz volse-hubzilla-8819c73ba1ae1cbf19d2c517a87d30104d1a5da1.tar.bz2 volse-hubzilla-8819c73ba1ae1cbf19d2c517a87d30104d1a5da1.zip | |
bug #99 - don't show album name/link if photos are private
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/photos.php | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/mod/photos.php b/mod/photos.php index 187eb154c..f8059fc08 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -23,7 +23,41 @@ function photos_init(&$a) { $a->data['user'] = $r[0]; - $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d", + + // default permissions - anonymous user + + $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + + // Profile owner - everything is visible + + if(local_user() && (local_user() == $a->data['user']['uid'])) { + $sql_extra = ''; + } + elseif(remote_user()) { + + $groups = init_groups_visitor(remote_user()); + + // authenticated visitor - here lie dragons + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . intval($g) . '>'; + } + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval(remote_user()), + intval(remote_user()), + dbesc($gs), + dbesc($gs) + ); + } + + + $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ", intval($a->data['user']['uid']) ); |