If a user doesn't have permission to view an image, not only will we hide it from the search results, we'll also disallow them access, redirecting them to post/list.

This commit is contained in:
Zach Hall 2010-03-23 21:09:51 -07:00 committed by Shish
parent eaca520f75
commit ee4e7a4471

View File

@ -119,6 +119,21 @@ class Ratings implements Extension {
$event->add_querylet(new Querylet("rating = ?", array($char)));
}
}
if($event instanceof DisplayingImageEvent) {
/**
* Deny images upon insufficient permissions.
**/
global $user, $database, $page;
$user_view_level = Ratings::get_user_privs($user);
$user_view_level = preg_split('//', $user_view_level, -1);
$image_level = $database->get_row("SELECT `rating` FROM `images` WHERE id =?",$event->image->id);
$image_level = $image_level["rating"];
if(!in_array($image_level, $user_view_level)) {
$page->set_mode("redirect");
$page->set_redirect(make_link("post/list"));
}
}
}
public static function get_user_privs($user) {