diff --git a/3.0/modules/albumpassword/helpers/MY_item.php b/3.0/modules/albumpassword/helpers/MY_item.php index e79717c4..79dd3afc 100644 --- a/3.0/modules/albumpassword/helpers/MY_item.php +++ b/3.0/modules/albumpassword/helpers/MY_item.php @@ -20,32 +20,19 @@ class item extends item_Core { static function viewable($model) { - // Hide the contents of a password protected album, - // Unless the current user is an admin, or the albums owner. + // Hide password protected albums until the correct password is entered, + // unless the current user is an admin, or the albums owner. $model = item_Core::viewable($model); - $album_item = ORM::factory("item")->where("id", "=", $model->id)->find(); - // Figure out if the user can access this album. - $deny_access = false; - $existing_password = ORM::factory("items_albumpassword")->where("album_id", "=", $model->id)->find(); - if ($existing_password->loaded()) { - if ((cookie::get("g3_albumpassword") != $existing_password->password) && - (identity::active_user()->id != $album_item->owner_id)) - $deny_access = true; - } - - // set access::DENY if necessary. - $view_restrictions = array(); - if ($deny_access == true) { - if (!identity::active_user()->admin) { - foreach (identity::group_ids_for_active_user() as $id) { - $view_restrictions[] = array("items.view_$id", "=", access::DENY); - } - } - } - if (count($view_restrictions)) { - $model->and_open()->merge_or_where($view_restrictions)->close(); + // If the user is an admin, don't hide anything anything. + // If not, hide whatever is restricted by an album password + // that the current user is not the owner of. + if (!identity::active_user()->admin) { + $model->and_open()->join("items_albumpasswords", "items.id", "items_albumpasswords.album_id", "LEFT OUTER") + ->and_where("items_albumpasswords.album_id", "IS", NULL) + ->or_where("items_albumpasswords.password", "=", cookie::get("g3_albumpassword")) + ->or_where("items.owner_id", "=", identity::active_user()->id)->close(); } return $model; diff --git a/3.1/modules/albumpassword/helpers/MY_item.php b/3.1/modules/albumpassword/helpers/MY_item.php index e79717c4..79dd3afc 100644 --- a/3.1/modules/albumpassword/helpers/MY_item.php +++ b/3.1/modules/albumpassword/helpers/MY_item.php @@ -20,32 +20,19 @@ class item extends item_Core { static function viewable($model) { - // Hide the contents of a password protected album, - // Unless the current user is an admin, or the albums owner. + // Hide password protected albums until the correct password is entered, + // unless the current user is an admin, or the albums owner. $model = item_Core::viewable($model); - $album_item = ORM::factory("item")->where("id", "=", $model->id)->find(); - // Figure out if the user can access this album. - $deny_access = false; - $existing_password = ORM::factory("items_albumpassword")->where("album_id", "=", $model->id)->find(); - if ($existing_password->loaded()) { - if ((cookie::get("g3_albumpassword") != $existing_password->password) && - (identity::active_user()->id != $album_item->owner_id)) - $deny_access = true; - } - - // set access::DENY if necessary. - $view_restrictions = array(); - if ($deny_access == true) { - if (!identity::active_user()->admin) { - foreach (identity::group_ids_for_active_user() as $id) { - $view_restrictions[] = array("items.view_$id", "=", access::DENY); - } - } - } - if (count($view_restrictions)) { - $model->and_open()->merge_or_where($view_restrictions)->close(); + // If the user is an admin, don't hide anything anything. + // If not, hide whatever is restricted by an album password + // that the current user is not the owner of. + if (!identity::active_user()->admin) { + $model->and_open()->join("items_albumpasswords", "items.id", "items_albumpasswords.album_id", "LEFT OUTER") + ->and_where("items_albumpasswords.album_id", "IS", NULL) + ->or_where("items_albumpasswords.password", "=", cookie::get("g3_albumpassword")) + ->or_where("items.owner_id", "=", identity::active_user()->id)->close(); } return $model;