From 848e3f6c5d2aa10025fae11d1344c09c9adb84f9 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Wed, 28 Oct 2015 19:43:35 -0700
Subject: photos linked item visibility issue

---
 include/photos.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'include/photos.php')

diff --git a/include/photos.php b/include/photos.php
index d62d5aeb8..84e734ced 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -379,6 +379,20 @@ function photo_upload($channel, $observer, $args) {
 		$arr['plink']           = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
 		$arr['body']		= (($object) ? $args['body'] : $body . "\r\n" . $args['body']);
 
+
+		// this one is tricky because the item and the photo have the same permissions, those of the photo.
+		// Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the
+		// private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use 
+		// public policy when federating items to other sites, but should probably ignore them when accessing the item
+		// in the photos pages - using the photos permissions instead. We need the public policy to keep the photo
+		// linked item from leaking into the feed when somebody has a channel with read_stream restrictions.  
+
+		$arr['public_policy']   = map_scope($channel['channel_r_stream'],true));
+		if($arr['public_policy'])
+			$arr['item_private'] = 1;
+
+
+
 		$result = item_store($arr);
 		$item_id = $result['item_id'];
 
-- 
cgit v1.2.3