From ee4e7a4471a9957a1133c636834df192ea01a3f8 Mon Sep 17 00:00:00 2001
From: Zach Hall <zach@sosguy.net>
Date: Tue, 23 Mar 2010 21:09:51 -0700
Subject: [PATCH] If a user doesn't have permission to view an image, not only
 will we hide it from the search results, we'll also disallow them access,
 redirecting them to post/list.

---
 contrib/rating/main.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/contrib/rating/main.php b/contrib/rating/main.php
index 92c26af2..ae6aa4e5 100644
--- a/contrib/rating/main.php
+++ b/contrib/rating/main.php
@@ -119,6 +119,21 @@ class Ratings implements Extension {
 				$event->add_querylet(new Querylet("rating = ?", array($char)));
 			}
 		}
+		
+		if($event instanceof DisplayingImageEvent) {
+			/**
+			 * Deny images upon insufficient permissions.
+			 **/
+			global $user, $database, $page;
+			$user_view_level = Ratings::get_user_privs($user);
+			$user_view_level = preg_split('//', $user_view_level, -1);
+			$image_level = $database->get_row("SELECT  `rating` FROM  `images` WHERE id =?",$event->image->id);
+			$image_level = $image_level["rating"];
+			if(!in_array($image_level, $user_view_level)) {
+				$page->set_mode("redirect");
+				$page->set_redirect(make_link("post/list"));
+			}
+		}
 	}
 
 	public static function get_user_privs($user) {