Merge pull request #7318 from deantownsley/lessbubbles
Don't try to auth for public images
This commit is contained in:
commit
8a1f31b322
1 changed files with 8 additions and 5 deletions
|
@ -130,18 +130,21 @@ class Photo extends BaseObject
|
||||||
*/
|
*/
|
||||||
public static function getPhoto($resourceid, $scale = 0)
|
public static function getPhoto($resourceid, $scale = 0)
|
||||||
{
|
{
|
||||||
$r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
|
$r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
|
||||||
if ($r === false) {
|
if ($r === false) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$uid = $r["uid"];
|
$uid = $r["uid"];
|
||||||
|
|
||||||
// This is the first place, when retrieving just a photo, that we know who owns the photo.
|
// This is the first place, when retrieving just a photo, that we know who owns the photo.
|
||||||
// Make sure that the requester's session is appropriately authenticated to that user
|
// Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
|
||||||
|
// make sure that the requester's session is appropriately authenticated to that user
|
||||||
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
|
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
|
||||||
|
if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
|
||||||
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
|
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
|
||||||
// this will either just return (if auth all ok) or will redirect and exit (starting over)
|
// this will either just return (if auth all ok) or will redirect and exit (starting over)
|
||||||
DFRN::autoRedir(self::getApp(), $r["nickname"]);
|
DFRN::autoRedir(self::getApp(), $r["nickname"]);
|
||||||
|
}
|
||||||
|
|
||||||
$sql_acl = Security::getPermissionsSQLByUserId($uid);
|
$sql_acl = Security::getPermissionsSQLByUserId($uid);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue