author | Brett Profitt <brett.profitt@gmail.com> | 2012-02-17 16:19:56 -0800 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-02-17 16:19:56 -0800 |
commit | b09db0ec2a35590cb13cda6ed053edc10e671035 (patch) | |
tree | e6f6c88d1d930ac9894e275910c541ce59d3f253 /classes/TidypicsAlbum.php | |
parent | 894ea6758f3f99c49807df99ef4bbd95f74273dc (diff) | |
Refs #18. Doing an access check on TidypicsAlbum->getImageList() to only return images the current user can access.
This is a simple fix, but requires an extra DB call for the first getImageList() call.
Diffstat (limited to 'classes/TidypicsAlbum.php')
-rw-r--r-- | classes/TidypicsAlbum.php | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php
index d069117bf..3d7d12b32 100644
--- a/classes/TidypicsAlbum.php
+++ b/classes/TidypicsAlbum.php
@@ -9,7 +9,6 @@ class TidypicsAlbum extends ElggObject {
-
 /**
 * Sets the internal attributes
 */
@@ -186,6 +185,17 @@ class TidypicsAlbum extends ElggObject {
 return array();
 }
 $list = unserialize($listString);
+
+ // check access levels
+ $guidsString = implode(',', $list);
+ $options = array(
+ 'wheres' => array("e.guid IN ($guidsString)"),
+ 'order_by' => "FIELD (e.guid, $guidsString)",
+ 'callback' => 'tp_guid_callback',
+ 'limit' => ELGG_ENTITIES_NO_VALUE
+ );
+
+ $list = elgg_get_entities($options);
 return $list;
 }
@@ -211,7 +221,7 @@ class TidypicsAlbum extends ElggObject {
 }
 /**
- * Get the previous image in the album
+ * Get the previous image in the album. Wraps around to the last image if given the first.
 *
 * @param int $guid GUID of the current image
 * @return TidypicsImage
@@ -230,7 +240,7 @@ class TidypicsAlbum extends ElggObject {
 }
 /**
- * Get the next image in the album
+ * Get the next image in the album. Wraps around to the first image if given the last.
 *
 * @param int $guid GUID of the current image
 * @return TidypicsImage
@@ -282,9 +292,10 @@ class TidypicsAlbum extends ElggObject {
 /**
 * Delete all the images in this album
+ *
+ * @todo ElggBatch?
 */
 protected function deleteImages() {
- // get all the images from this album as long as less than 999 images
 $images = elgg_get_entities(array(
 "type=" => "object",
 "subtype" => "image", |
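Review bot: In the getImageList() hunk (`@@ -186,6 +185,17 @@`), `$guidsString` is built with `implode(',', $list)` straight from the unserialized list and then interpolated into both the `wheres` clause and the `FIELD (...)` order-by, so any element that is not a plain integer ends up in the SQL text. Casting first, `$guidsString = implode(',', array_map('intval', $list));`, keeps the query to integer GUIDs regardless of what is stored on the album. The new code also assumes a non-empty array: an empty or failed unserialize() would produce `IN ()` or hand a non-array to implode(), so a guard such as `if (!is_array($list) || !$list) { return array(); }` before the query seems needed. The options carry no `type`/`subtype` restriction either, so the call presumably returns any readable entity whose GUID is in the list rather than only images; the function starts above the hunk, so earlier validation may exist but is not visible here.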