-rw-r--r-- | include/photos.php | 26 | ||||
-rw-r--r-- | include/security.php | 2 | ||||
-rw-r--r-- | mod/photos.php | 19 |
3 files changed, 35 insertions, 12 deletions
diff --git a/include/photos.php b/include/photos.php index 84352ed32..7ccfd31c6 100644 --- a/include/photos.php +++ b/include/photos.php @@ -223,4 +223,28 @@ function photo_upload($channel, $observer, $args) { call_hooks('photo_post_end',$ret); return $ret; -}
\ No newline at end of file +} + + + + +function photos_albums_list($channel,$observer) { + + $channel_id = $channel['channel_id']; + $observer_xchan = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($channel_id,$observer_xchan,'view_photos')) + return false; + + // FIXME - create a permissions SQL which works on arbitrary observers and channels, regardless of login or web status + + $sql_extra = permissions_sql($channel_id); + + $albums = q("SELECT distinct album from photo where uid = %d $sql_extra order by created desc", + intval($channel_id) + ); + + return $albums; + +} + diff --git a/include/security.php b/include/security.php index f28174153..9f4058f88 100644 --- a/include/security.php +++ b/include/security.php @@ -166,6 +166,8 @@ function change_channel($change_channel) { } + + function permissions_sql($owner_id,$remote_verified = false,$groups = null) { $local_user = local_user(); diff --git a/mod/photos.php b/mod/photos.php index 8c967b91a..00985ab9b 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -5,6 +5,7 @@ require_once('include/items.php'); require_once('include/acl_selectors.php'); require_once('include/bbcode.php'); require_once('include/security.php'); +require_once('include/Contact.php'); function photos_init(&$a) { @@ -17,7 +18,7 @@ function photos_init(&$a) { if(argc() > 1) { $nick = argv(1); - $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' LIMIT 1", dbesc($nick) ); 
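Review bot: In `photos_albums_list()` the `view_photos` check is made against `$observer`, but the row filter from `permissions_sql($channel_id)` is never given the observer. The `include/security.php` context in this commit shows that function starting with `local_user()`, so the filter appears to be built from session state. If the function is called with an observer other than the session's, the two checks can disagree and the album list would be filtered for the wrong viewer. Until the FIXME is resolved, state the constraint in the function, e.g. `// $observer must be the current session's observer: permissions_sql() does not take it into account`. A docblock should also say that it returns `false` when permission is denied and otherwise whatever `q()` returns.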
@@ -27,21 +28,17 @@ function photos_init(&$a) { $a->data['channel'] = $r[0]; $observer = $a->get_observer(); - $a->data['perms'] = get_all_perms($r[0]['channel_id'],(($observer) ? $observer['xchan_hash'] : '')); + $a->data['observer'] = $observer; - $o .= '<div class="vcard">'; - $o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>'; - $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id'] . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>'; - $o .= '</div>'; + $observer_xchan = (($observer) ? $observer['xchan_hash'] : ''); + $a->data['perms'] = get_all_perms($r[0]['channel_id'],$observer_xchan); - $sql_extra = permissions_sql($a->data['channel']['channel_id']); + $o .= vcard_from_xchan($a->data['channel'],$observer_xchan); - $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra order by created desc", - intval($a->data['channel']['channel_id']) - ); + $albums = photos_albums_list($a->data['channel'],$observer); - if(count($albums)) { + if($albums) { $a->data['albums'] = $albums; // FIXME $albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true); |
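Review bot: The vcard markup now comes from `vcard_from_xchan($a->data['channel'],$observer_xchan)`, whose body is not part of this commit, so it cannot be confirmed here that the channel name and other fields are HTML-escaped before being appended to `$o`; that is worth checking in the helper. The row passed in comes from the `left join xchan` query in the earlier `photos_init` hunk, so its `xchan_*` columns may be null when no xchan row matches. The helper presumably has to tolerate that, or the query could use an inner join. `if($albums)` treats the `false` returned on a denied `view_photos` check the same as an empty result, which deserves a short comment such as `// false (denied) and an empty result both mean no albums to list`. `photos_init` continues beyond this hunk.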