bug #99 - don't show album name/link if photos are private

This commit is contained in:
Friendika 2011-06-30 03:39:08 -07:00
parent 994011ddb6
commit 8819c73ba1

View file

@ -23,7 +23,41 @@ function photos_init(&$a) {
$a->data['user'] = $r[0];
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
// Profile owner - everything is visible
if(local_user() && (local_user() == $a->data['user']['uid'])) {
$sql_extra = '';
}
elseif(remote_user()) {
$groups = init_groups_visitor(remote_user());
// authenticated visitor - here lie dragons
$gs = '<<>>'; // should be impossible to match
if(count($groups)) {
foreach($groups as $g)
$gs .= '|<' . intval($g) . '>';
}
$sql_extra = sprintf(
" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
intval(remote_user()),
intval(remote_user()),
dbesc($gs),
dbesc($gs)
);
}
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ",
intval($a->data['user']['uid'])
);