From bf3a4095694808486106fcce7cc371ce5c13f587 Mon Sep 17 00:00:00 2001
From: redmatrix <mike@macgirvin.com>
Date: Tue, 30 Aug 2016 20:54:54 -0700
Subject: only check permissions on normal photos and force cover photos as
 well as profile photos to be public. As a side effect 'thing' photos will
 also be considered public.

---
 Zotlabs/Module/Photo.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index 66aaec49f..a16206299 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -133,7 +133,16 @@ class Photo extends \Zotlabs\Web\Controller {
 				$allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true);
 	
 				$sql_extra = permissions_sql($r[0]['uid']);
+
+				if(! $sql_extra)
+					$sql_extra = ' and true ';
+
+				// Only check permissions on normal photos. Those photos we don't check includes
+				// profile photos, xchan photos (which are also profile photos), 'thing' photos,
+				// and cover photos
 	
+				$sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )";
+
 				$channel = channelx_by_n($r[0]['uid']);
 
 				// Now we'll see if we can access the photo
-- 
cgit v1.2.3