From 1dd188a29e60bf0fb7b4c085250f1da2eb07538f Mon Sep 17 00:00:00 2001
From: Michael Meer
Date: Mon, 14 Jan 2013 13:57:54 +0100
Subject: rewrite of // get the current observerwith
---
 boot.php | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/boot.php b/boot.php
index 7af9248ad..4dd8d68c3 100644
--- a/boot.php
+++ b/boot.php
@@ -1249,19 +1249,23 @@ function profile_load(&$a, $nickname, $profile = 0) {
 return;
 }
 
- if(remote_user() && count($_SESSION['remote'])) {
- foreach($_SESSION['remote'] as $visitor) {
- if($visitor['uid'] == $user[0]['channel_id']) {
- $r = q("SELECT `profile_id` FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($visitor['cid'])
- );
- if(count($r))
- $profile = $r[0]['profile_id'];
- break;
- }
- }
+ // get the current observer
+ $observer = $a->get_observer();
+
+ // Can the observer see our profile?
+ require_once('include/permissions.php');
+ if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile') {
+ // permission denied
+ //TODO: place error message
+ return;
 }
 
+ $r = q("SELECT abook_profile FROM abook WHERE abook_xchan = '%s' limit 1",
+ dbesc($observer['xchan_hash'])
+ );
+ if($r)
+ $profile = $r[0]['abook_profile'];
+
 $r = null;
 
 //TODO needs avatar_date !!
-- 
cgit v1.2.3
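Review bot: The new `abook` lookup filters only on `abook_xchan`, so it is not tied to the channel whose profile is being loaded; if the observer is in several channels' address books, `limit 1` can return the `abook_profile` that a different channel assigned and select the wrong profile variant. Scope it to the owner by adding `AND abook_channel = %d` with `intval($user[0]['channel_id'])` (assuming `abook_channel` is the owner column in this schema). The `if(! perm_is_allowed(...,'view_profile') {` line is also missing a closing `)` before `{`, which is a parse error for boot.php as written. `$observer` is indexed without checking that `get_observer()` returned anything, so an unauthenticated visitor presumably reaches `perm_is_allowed` and the query with an empty hash; that path should deny or fall back to the public profile deliberately rather than by accident. profile_load begins and ends outside this hunk.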