From 8819c73ba1ae1cbf19d2c517a87d30104d1a5da1 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 30 Jun 2011 03:39:08 -0700 Subject: bug #99 - don't show album name/link if photos are private --- mod/photos.php | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) (limited to 'mod/photos.php') diff --git a/mod/photos.php b/mod/photos.php index 187eb154c..f8059fc08 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -23,7 +23,41 @@ function photos_init(&$a) { $a->data['user'] = $r[0]; - $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d", + + // default permissions - anonymous user + + $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + + // Profile owner - everything is visible + + if(local_user() && (local_user() == $a->data['user']['uid'])) { + $sql_extra = ''; + } + elseif(remote_user()) { + + $groups = init_groups_visitor(remote_user()); + + // authenticated visitor - here lie dragons + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . intval($g) . '>'; + } + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval(remote_user()), + intval(remote_user()), + dbesc($gs), + dbesc($gs) + ); + } + + + $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ", intval($a->data['user']['uid']) ); -- cgit v1.2.3