author | Cash Costello <cash.costello@gmail.com> | 2012-07-13 22:30:51 -0400 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2012-07-13 22:30:51 -0400 |
commit | f611a0505343629bb3c353647334f039bbed48af (patch) | |
tree | e6f6c88d1d930ac9894e275910c541ce59d3f253 | |
parent | 54bc5844dfe6cb684c7aecaf1be5ee8071d98fe0 (diff) | |
parent | b09db0ec2a35590cb13cda6ed053edc10e671035 (diff) | |
Added Brett's access check on photos
-rw-r--r-- | classes/TidypicsAlbum.php | 19 | ||||
-rw-r--r-- | lib/tidypics.php | 10 |
2 files changed, 25 insertions, 4 deletions
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php index d069117bf..3d7d12b32 100644 --- a/classes/TidypicsAlbum.php +++ b/classes/TidypicsAlbum.php @@ -9,7 +9,6 @@ class TidypicsAlbum extends ElggObject { - /** * Sets the internal attributes */ @@ -186,6 +185,17 @@ class TidypicsAlbum extends ElggObject { return array(); } $list = unserialize($listString); + + // check access levels + $guidsString = implode(',', $list); + $options = array( + 'wheres' => array("e.guid IN ($guidsString)"), + 'order_by' => "FIELD (e.guid, $guidsString)", + 'callback' => 'tp_guid_callback', + 'limit' => ELGG_ENTITIES_NO_VALUE + ); + + $list = elgg_get_entities($options); return $list; } @@ -211,7 +221,7 @@ class TidypicsAlbum extends ElggObject { } /** - * Get the previous image in the album + * Get the previous image in the album. Wraps around to the last image if given the first. * * @param int $guid GUID of the current image * @return TidypicsImage @@ -230,7 +240,7 @@ class TidypicsAlbum extends ElggObject { } /** - * Get the next image in the album + * Get the next image in the album. Wraps around to the first image if given the last. * * @param int $guid GUID of the current image * @return TidypicsImage @@ -282,9 +292,10 @@ class TidypicsAlbum extends ElggObject { /** * Delete all the images in this album + * + * @todo ElggBatch? */ protected function deleteImages() { - // get all the images from this album as long as less than 999 images $images = elgg_get_entities(array( "type=" => "object", "subtype" => "image", diff --git a/lib/tidypics.php b/lib/tidypics.php index 7426a048e..38c6b31a8 100644 --- a/lib/tidypics.php +++ b/lib/tidypics.php 
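Review bot: In the access-check hunk (`@@ -186,6 +185,17 @@`), `$guidsString` is built from the unserialized list and interpolated into both the `wheres` and `order_by` SQL fragments with no integer cast and no empty-list guard. An empty list would produce `e.guid IN ()`, which is invalid SQL, and any non-numeric element in the stored list would become part of the query text. Before the `implode`, I would add `$list = array_filter(array_map('intval', (array) $list));` followed by `if (!$list) { return array(); }`. The `// check access levels` comment could also state that the filtering relies on the access clauses `elgg_get_entities()` applies for the current viewer, which is my reading of the commit title rather than something visible in the hunk. The enclosing method starts above the hunk, so where `$listString` is loaded from is not shown.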
@@ -190,6 +190,16 @@ function tidypics_list_photos(array $options = array()) { return elgg_view_entity_list($sorted_entities, $options); } +/** + * Returns just a guid from a database $row. Used in elgg_get_entities()'s callback. + * + * @param stdClass $row + * @return type + */ +function tp_guid_callback($row) { + return ($row->guid) ? $row->guid : false; +} + /********************************************************************* * the functions below replace broken core functions or add functions |
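Review bot: The docblock on `tp_guid_callback()` still carries the template placeholder `@return type`, and the function returns `$row->guid` exactly as the database row holds it, so the album's image list may now contain strings where the unserialized list presumably held integers. I would return `isset($row->guid) ? (int) $row->guid : false;` and document it as `@return int|false GUID of the row, or false if the row has no guid`. The `@param stdClass $row` line could also say that this is the raw entity row handed to the callback by `elgg_get_entities()`.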