Hide the album instead of the albums contents.
This commit is contained in:
parent
9969734286
commit
63873f96cd
@ -20,32 +20,19 @@
|
||||
|
||||
class item extends item_Core {
|
||||
static function viewable($model) {
|
||||
// Hide the contents of a password protected album,
|
||||
// Unless the current user is an admin, or the albums owner.
|
||||
// Hide password protected albums until the correct password is entered,
|
||||
// unless the current user is an admin, or the albums owner.
|
||||
|
||||
$model = item_Core::viewable($model);
|
||||
$album_item = ORM::factory("item")->where("id", "=", $model->id)->find();
|
||||
|
||||
// Figure out if the user can access this album.
|
||||
$deny_access = false;
|
||||
$existing_password = ORM::factory("items_albumpassword")->where("album_id", "=", $model->id)->find();
|
||||
if ($existing_password->loaded()) {
|
||||
if ((cookie::get("g3_albumpassword") != $existing_password->password) &&
|
||||
(identity::active_user()->id != $album_item->owner_id))
|
||||
$deny_access = true;
|
||||
}
|
||||
|
||||
// set access::DENY if necessary.
|
||||
$view_restrictions = array();
|
||||
if ($deny_access == true) {
|
||||
// If the user is an admin, don't hide anything anything.
|
||||
// If not, hide whatever is restricted by an album password
|
||||
// that the current user is not the owner of.
|
||||
if (!identity::active_user()->admin) {
|
||||
foreach (identity::group_ids_for_active_user() as $id) {
|
||||
$view_restrictions[] = array("items.view_$id", "=", access::DENY);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (count($view_restrictions)) {
|
||||
$model->and_open()->merge_or_where($view_restrictions)->close();
|
||||
$model->and_open()->join("items_albumpasswords", "items.id", "items_albumpasswords.album_id", "LEFT OUTER")
|
||||
->and_where("items_albumpasswords.album_id", "IS", NULL)
|
||||
->or_where("items_albumpasswords.password", "=", cookie::get("g3_albumpassword"))
|
||||
->or_where("items.owner_id", "=", identity::active_user()->id)->close();
|
||||
}
|
||||
|
||||
return $model;
|
||||
|
@ -20,32 +20,19 @@
|
||||
|
||||
class item extends item_Core {
|
||||
static function viewable($model) {
|
||||
// Hide the contents of a password protected album,
|
||||
// Unless the current user is an admin, or the albums owner.
|
||||
// Hide password protected albums until the correct password is entered,
|
||||
// unless the current user is an admin, or the albums owner.
|
||||
|
||||
$model = item_Core::viewable($model);
|
||||
$album_item = ORM::factory("item")->where("id", "=", $model->id)->find();
|
||||
|
||||
// Figure out if the user can access this album.
|
||||
$deny_access = false;
|
||||
$existing_password = ORM::factory("items_albumpassword")->where("album_id", "=", $model->id)->find();
|
||||
if ($existing_password->loaded()) {
|
||||
if ((cookie::get("g3_albumpassword") != $existing_password->password) &&
|
||||
(identity::active_user()->id != $album_item->owner_id))
|
||||
$deny_access = true;
|
||||
}
|
||||
|
||||
// set access::DENY if necessary.
|
||||
$view_restrictions = array();
|
||||
if ($deny_access == true) {
|
||||
// If the user is an admin, don't hide anything anything.
|
||||
// If not, hide whatever is restricted by an album password
|
||||
// that the current user is not the owner of.
|
||||
if (!identity::active_user()->admin) {
|
||||
foreach (identity::group_ids_for_active_user() as $id) {
|
||||
$view_restrictions[] = array("items.view_$id", "=", access::DENY);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (count($view_restrictions)) {
|
||||
$model->and_open()->merge_or_where($view_restrictions)->close();
|
||||
$model->and_open()->join("items_albumpasswords", "items.id", "items_albumpasswords.album_id", "LEFT OUTER")
|
||||
->and_where("items_albumpasswords.album_id", "IS", NULL)
|
||||
->or_where("items_albumpasswords.password", "=", cookie::get("g3_albumpassword"))
|
||||
->or_where("items.owner_id", "=", identity::active_user()->id)->close();
|
||||
}
|
||||
|
||||
return $model;
|
||||
|
Reference in New Issue
Block a user