From 6e54580f56c47a6c4e0b24e6b7d4dd895448aa33 Mon Sep 17 00:00:00 2001
From: Daku <dakutree@codeanimu.net>
Date: Mon, 3 Feb 2014 15:35:42 +0000
Subject: [PATCH] check for permissions

---
 ext/numeric_score/main.php    |  4 +++-
 ext/pools/main.php            | 18 ++++++++++--------
 ext/relatationships/main.php  |  6 ++----
 ext/relatationships/theme.php | 17 +++++++++++------
 4 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/ext/numeric_score/main.php b/ext/numeric_score/main.php
index ca3782b8..1e11f057 100644
--- a/ext/numeric_score/main.php
+++ b/ext/numeric_score/main.php
@@ -262,7 +262,9 @@ class NumericScore extends Extension {
 		if(preg_match("/^vote[=|:](up|down|remove)$/", $event->term, $matches)) {
 			global $user;
 			$score = ($matches[1] == "up" ? 1 : ($matches[1] == "down" ? -1 : 0));
-			send_event(new NumericScoreSetEvent($event->id, $user, $score));
+			if(!$user->is_anonymous()) {
+				send_event(new NumericScoreSetEvent($event->id, $user, $score));
+			}
 		}
 
 		if(!empty($matches)) $event->metatag = true;
diff --git a/ext/pools/main.php b/ext/pools/main.php
index d67c1e7f..7f08554f 100644
--- a/ext/pools/main.php
+++ b/ext/pools/main.php
@@ -319,16 +319,18 @@ class Pools extends Extension {
 		$matches = array();
 
 		if(preg_match("/^pool[=|:](.*)$/i", $event->term, $matches)) {
+			global $user;
 			$poolTag = (string) str_replace("_", " ", $matches[1]);
 
-			if(ctype_digit($poolTag)){ //Assume tag is poolID
-				if($this->get_single_pool($poolTag)){
-					$this->add_post($poolTag, $event->id, true);
-				}
-			}else{ //Assume tag is poolTitle
-				if($pool = $this->get_single_pool_from_title($poolTag)){
-					$this->add_post($pool['id'], $event->id, true);
-				}
+			$pool = null;
+			if(ctype_digit($poolTag)){ //If only digits, assume PoolID
+				$pool = $this->get_single_pool($poolTag);
+			}else{ //assume PoolTitle
+				$pool = $this->get_single_pool_from_title($poolTag);
+			}
+
+			if($pool ? $this->have_permission($user, $pool) : FALSE){
+				$this->add_post($pool['id'], $event->id, true);
 			}
 		}
 
diff --git a/ext/relatationships/main.php b/ext/relatationships/main.php
index 478b24cd..4bbc17cf 100644
--- a/ext/relatationships/main.php
+++ b/ext/relatationships/main.php
@@ -22,10 +22,8 @@ class Relationships extends Extension {
 
 	public function onImageInfoSet(ImageInfoSetEvent $event) {
         global $user;
-		if (isset($_POST["tag_edit__parent"])) {
-			if(ctype_digit($_POST["tag_edit__parent"])){
-				$this->set_parent($event->image->id, (int) $_POST["tag_edit__parent"]);
-			}
+		if (isset($_POST["tag_edit__parent"]) ? ctype_digit($_POST["tag_edit__parent"]) : FALSE) {
+			$this->set_parent($event->image->id, (int) $_POST["tag_edit__parent"]);
 		}
 	}
 
diff --git a/ext/relatationships/theme.php b/ext/relatationships/theme.php
index 76131b4d..b40c6289 100644
--- a/ext/relatationships/theme.php
+++ b/ext/relatationships/theme.php
@@ -24,16 +24,21 @@ class RelationshipsTheme extends Themelet {
 	}
 
 	public function get_parent_editor_html(Image $image) {
+		global $user;
 		$h_parent_id = $image->parent_id;
 		$s_parent_id = $h_parent_id ?: "None.";
 
 		$html = "<tr>\n".
-				"	<th>Parent</th>\n".
-				"	<td>\n".
-				"		<span class='view' style='overflow: hidden; white-space: nowrap;'>{$s_parent_id}</span>\n".
-				"		<input class='edit' type='text' name='tag_edit__parent' type='number' value='{$h_parent_id}'>\n".
-				"	<td>\n".
-				"</tr>\n";
+		        "	<th>Parent</th>\n".
+		        "	<td>\n".
+		        (!$user->is_anonymous() ?
+		            "		<span class='view' style='overflow: hidden; white-space: nowrap;'>{$s_parent_id}</span>\n".
+		            "		<input class='edit' type='text' name='tag_edit__parent' type='number' value='{$h_parent_id}'>\n"
+		        :
+		            $s_parent_id
+		        ).
+		        "	<td>\n".
+		        "</tr>\n";
 		return $html;
 	}
 }