diff options
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Photo.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 66aaec49f..a16206299 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -133,7 +133,16 @@ class Photo extends \Zotlabs\Web\Controller { $allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true); $sql_extra = permissions_sql($r[0]['uid']); + + if(! $sql_extra) + $sql_extra = ' and true '; + + // Only check permissions on normal photos. Those photos we don't check includes + // profile photos, xchan photos (which are also profile photos), 'thing' photos, + // and cover photos + $sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )"; + $channel = channelx_by_n($r[0]['uid']); // Now we'll see if we can access the photo |