]> git.mxchange.org Git - friendica.git/blobdiff - mod/photos.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'pull'
[friendica.git] / mod / photos.php
diff --git a/mod/photos.php b/mod/photos.php
index f8059fc08e1aa46103bdcf3a76b756f0fb4ee390..cb13b760364e72df276db5c3db5dc8eeeef0e074 100644 (file)
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -3,6 +3,7 @@ require_once('include/Photo.php');
 require_once('include/items.php');
 require_once('include/acl_selectors.php');
 require_once('include/bbcode.php');
+require_once('include/security.php');
 
 function photos_init(&$a) {
 
@@ -23,39 +24,7 @@ function photos_init(&$a) {
 
                $a->data['user'] = $r[0];
 
-
-               // default permissions - anonymous user
-
-               $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
-               // Profile owner - everything is visible
-
-               if(local_user() && (local_user() == $a->data['user']['uid'])) {
-                       $sql_extra = '';        
-               }
-               elseif(remote_user()) {
-
-                       $groups = init_groups_visitor(remote_user());
-
-                       // authenticated visitor - here lie dragons
-                       $gs = '<<>>'; // should be impossible to match
-                       if(count($groups)) {
-                               foreach($groups as $g)
-                                       $gs .= '|<' . intval($g) . '>';
-                       } 
-                       $sql_extra = sprintf(
-                               " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
-                                 AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
-                                 AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
-                                 AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
-
-                               intval(remote_user()),
-                               intval(remote_user()),
-                               dbesc($gs),
-                               dbesc($gs)
-                       );
-               }
-
+               $sql_extra = permissions_sql($a->data['user']['uid']);
 
                $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ",
                        intval($a->data['user']['uid'])
@@ -806,8 +775,6 @@ function photos_content(&$a) {
 
        $owner_uid = $a->data['user']['uid'];
 
-
-
        $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
 
        if((local_user()) && (local_user() == $owner_uid))
@@ -849,43 +816,12 @@ function photos_content(&$a) {
                }
        }
 
-       $r = q("SELECT `hidewall` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
-               intval($owner_uid)
-       );
-
-       if(count($r) && $r[0]['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) {
+       if($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) {
                notice( t('Access to this item is restricted.') . EOL);
                return;
        }
 
-       // default permissions - anonymous user
-
-       $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
-       // Profile owner - everything is visible
-
-       if(local_user() && (local_user() == $owner_uid)) {
-               $sql_extra = '';        
-       }
-       elseif(remote_user()) {
-               // authenticated visitor - here lie dragons
-               $gs = '<<>>'; // should be impossible to match
-               if(count($groups)) {
-                       foreach($groups as $g)
-                               $gs .= '|<' . intval($g) . '>';
-               } 
-               $sql_extra = sprintf(
-                       " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
-                         AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
-                         AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
-                         AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
-
-                       intval(remote_user()),
-                       intval(remote_user()),
-                       dbesc($gs),
-                       dbesc($gs)
-               );
-       }
+       $sql_extra = permissions_sql($owner_uid,$remote_contact,$groups);
 
        $o = "";
 
@@ -967,7 +903,7 @@ function photos_content(&$a) {
                $album = hex2bin($datum);
 
                $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' 
-                       $sql_extra GROUP BY `resource-id`",
+                       AND `scale` <= 4 $sql_extra GROUP BY `resource-id`",
                        intval($owner_uid),
                        dbesc($album)
                );
@@ -977,7 +913,7 @@ function photos_content(&$a) {
                }
 
                $r = q("SELECT `resource-id`, `id`, `filename`, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' 
-                       $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
+                       AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
                        intval($owner_uid),
                        dbesc($album),
                        intval($a->pager['start']),
@@ -1170,6 +1106,7 @@ function photos_content(&$a) {
                }
 
                $tags=Null;
+
                if(count($linked_items) && strlen($link_item['tag'])) {
                        $arr = explode(',',$link_item['tag']);
                        // parse tags and add links
Unnamed repository; edit this file 'description' to name the repository.