If a user doesn't have permission to view an image, not only will we hide it from the search results, we'll also disallow them access, redirecting them to post/list.
This commit is contained in:
parent
eaca520f75
commit
ee4e7a4471
@ -119,6 +119,21 @@ class Ratings implements Extension {
|
||||
$event->add_querylet(new Querylet("rating = ?", array($char)));
|
||||
}
|
||||
}
|
||||
|
||||
if($event instanceof DisplayingImageEvent) {
|
||||
/**
|
||||
* Deny images upon insufficient permissions.
|
||||
**/
|
||||
global $user, $database, $page;
|
||||
$user_view_level = Ratings::get_user_privs($user);
|
||||
$user_view_level = preg_split('//', $user_view_level, -1);
|
||||
$image_level = $database->get_row("SELECT `rating` FROM `images` WHERE id =?",$event->image->id);
|
||||
$image_level = $image_level["rating"];
|
||||
if(!in_array($image_level, $user_view_level)) {
|
||||
$page->set_mode("redirect");
|
||||
$page->set_redirect(make_link("post/list"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function get_user_privs($user) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user