bug #99 - don't show album name/link if photos are private
This commit is contained in:
parent
994011ddb6
commit
8819c73ba1
1 changed files with 35 additions and 1 deletions
|
@ -23,7 +23,41 @@ function photos_init(&$a) {
|
||||||
|
|
||||||
$a->data['user'] = $r[0];
|
$a->data['user'] = $r[0];
|
||||||
|
|
||||||
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
|
|
||||||
|
// default permissions - anonymous user
|
||||||
|
|
||||||
|
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
|
||||||
|
|
||||||
|
// Profile owner - everything is visible
|
||||||
|
|
||||||
|
if(local_user() && (local_user() == $a->data['user']['uid'])) {
|
||||||
|
$sql_extra = '';
|
||||||
|
}
|
||||||
|
elseif(remote_user()) {
|
||||||
|
|
||||||
|
$groups = init_groups_visitor(remote_user());
|
||||||
|
|
||||||
|
// authenticated visitor - here lie dragons
|
||||||
|
$gs = '<<>>'; // should be impossible to match
|
||||||
|
if(count($groups)) {
|
||||||
|
foreach($groups as $g)
|
||||||
|
$gs .= '|<' . intval($g) . '>';
|
||||||
|
}
|
||||||
|
$sql_extra = sprintf(
|
||||||
|
" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
|
||||||
|
AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
|
||||||
|
AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
|
||||||
|
AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
|
||||||
|
|
||||||
|
intval(remote_user()),
|
||||||
|
intval(remote_user()),
|
||||||
|
dbesc($gs),
|
||||||
|
dbesc($gs)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ",
|
||||||
intval($a->data['user']['uid'])
|
intval($a->data['user']['uid'])
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue