aboutsummaryrefslogtreecommitdiff
path: root/classes/TidypicsAlbum.php
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2012-02-17 16:19:56 -0800
committerBrett Profitt <brett.profitt@gmail.com>2012-02-17 16:19:56 -0800
commitb09db0ec2a35590cb13cda6ed053edc10e671035 (patch)
treee6f6c88d1d930ac9894e275910c541ce59d3f253 /classes/TidypicsAlbum.php
parent894ea6758f3f99c49807df99ef4bbd95f74273dc (diff)
downloadelgg-b09db0ec2a35590cb13cda6ed053edc10e671035.tar.gz
elgg-b09db0ec2a35590cb13cda6ed053edc10e671035.tar.bz2
Refs #18. Doing an access check on TidypicsAlbum->getImageList() to only return images the current user can access.
This is a simple fix, but requires an extra DB call for the first getImageList() call.
Diffstat (limited to 'classes/TidypicsAlbum.php')
-rw-r--r--classes/TidypicsAlbum.php19
1 files changed, 15 insertions, 4 deletions
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php
index d069117bf..3d7d12b32 100644
--- a/classes/TidypicsAlbum.php
+++ b/classes/TidypicsAlbum.php
@@ -9,7 +9,6 @@
class TidypicsAlbum extends ElggObject {
-
/**
* Sets the internal attributes
*/
@@ -186,6 +185,17 @@ class TidypicsAlbum extends ElggObject {
return array();
}
$list = unserialize($listString);
+
+ // check access levels
+ $guidsString = implode(',', $list);
+ $options = array(
+ 'wheres' => array("e.guid IN ($guidsString)"),
+ 'order_by' => "FIELD (e.guid, $guidsString)",
+ 'callback' => 'tp_guid_callback',
+ 'limit' => ELGG_ENTITIES_NO_VALUE
+ );
+
+ $list = elgg_get_entities($options);
return $list;
}
@@ -211,7 +221,7 @@ class TidypicsAlbum extends ElggObject {
}
/**
- * Get the previous image in the album
+ * Get the previous image in the album. Wraps around to the last image if given the first.
*
* @param int $guid GUID of the current image
* @return TidypicsImage
@@ -230,7 +240,7 @@ class TidypicsAlbum extends ElggObject {
}
/**
- * Get the next image in the album
+ * Get the next image in the album. Wraps around to the first image if given the last.
*
* @param int $guid GUID of the current image
* @return TidypicsImage
@@ -282,9 +292,10 @@ class TidypicsAlbum extends ElggObject {
/**
* Delete all the images in this album
+ *
+ * @todo ElggBatch?
*/
protected function deleteImages() {
- // get all the images from this album as long as less than 999 images
$images = elgg_get_entities(array(
"type=" => "object",
"subtype" => "image",