If a user doesn't have permission to view an image, not only will we hide it from the search results, we'll also disallow them access, redirecting them to post/list.

contrib/rating/main.php

@@ -119,6 +119,21 @@ class Ratings implements Extension {
 				$event->add_querylet(new Querylet("rating = ?", array($char)));
 			}
 		}
+		
+		if($event instanceof DisplayingImageEvent) {
+			/**
+			 * Deny images upon insufficient permissions.
+			 **/
+			global $user, $database, $page;
+			$user_view_level = Ratings::get_user_privs($user);
+			$user_view_level = preg_split('//', $user_view_level, -1);
+			$image_level = $database->get_row("SELECT  `rating` FROM  `images` WHERE id =?",$event->image->id);
+			$image_level = $image_level["rating"];
+			if(!in_array($image_level, $user_view_level)) {
+				$page->set_mode("redirect");
+				$page->set_redirect(make_link("post/list"));
+			}
+		}
 	}
 
 	public static function get_user_privs($user) {