From b09db0ec2a35590cb13cda6ed053edc10e671035 Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Fri, 17 Feb 2012 16:19:56 -0800
Subject: Refs #18. Doing an access check on TidypicsAlbum->getImageList() to only return images the current user can access. This is a simple fix, but requires an extra DB call for the first getImageList() call.
---
 classes/TidypicsAlbum.php | 19 +++++++++++++++----
 lib/tidypics.php | 10 ++++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php
index d069117bf..3d7d12b32 100644
--- a/classes/TidypicsAlbum.php
+++ b/classes/TidypicsAlbum.php
@@ -9,7 +9,6 @@ class TidypicsAlbum extends ElggObject {
-
 /**
 * Sets the internal attributes
 */
@@ -186,6 +185,17 @@ class TidypicsAlbum extends ElggObject {
 return array();
 }
 $list = unserialize($listString);
+
+ // check access levels
+ $guidsString = implode(',', $list);
+ $options = array(
+ 'wheres' => array("e.guid IN ($guidsString)"),
+ 'order_by' => "FIELD (e.guid, $guidsString)",
+ 'callback' => 'tp_guid_callback',
+ 'limit' => ELGG_ENTITIES_NO_VALUE
+ );
+
+ $list = elgg_get_entities($options);
 return $list;
 }
@@ -211,7 +221,7 @@ class TidypicsAlbum extends ElggObject {
 }
 /**
- * Get the previous image in the album
+ * Get the previous image in the album. Wraps around to the last image if given the first.
 *
 * @param int $guid GUID of the current image
 * @return TidypicsImage
@@ -230,7 +240,7 @@ class TidypicsAlbum extends ElggObject {
 }
 /**
- * Get the next image in the album
+ * Get the next image in the album. Wraps around to the first image if given the last.
 *
 * @param int $guid GUID of the current image
 * @return TidypicsImage
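Review bot: In the `@@ -186,6 +185,17 @@` hunk (getImageList()), `$guidsString` is built with `implode(',', $list)` straight from the unserialized album metadata and interpolated into both the `wheres` clause and the `FIELD (...)` ordering, with no integer cast and no empty-list guard. A stored list that unserializes to an empty array would produce `e.guid IN ()`, which MySQL rejects, and any non-numeric element would reach the SQL text unescaped; whether the stored list can ever hold such values depends on code outside this hunk. Before the implode I would add `$list = array_filter(array_map('intval', (array) $list));` followed by `if (!$list) { return array(); }`. The function starts above the hunk, so its earlier early-return path is only partly visible here.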
@@ -282,9 +292,10 @@ class TidypicsAlbum extends ElggObject {
 /**
 * Delete all the images in this album
+ *
+ * @todo ElggBatch?
 */
 protected function deleteImages() {
- // get all the images from this album as long as less than 999 images
 $images = elgg_get_entities(array(
 "type=" => "object",
 "subtype" => "image",
diff --git a/lib/tidypics.php b/lib/tidypics.php
index 7426a048e..38c6b31a8 100644
--- a/lib/tidypics.php
+++ b/lib/tidypics.php
@@ -190,6 +190,16 @@ function tidypics_list_photos(array $options = array()) {
 return elgg_view_entity_list($sorted_entities, $options);
 }
+/**
+ * Returns just a guid from a database $row. Used in elgg_get_entities()'s callback.
+ *
+ * @param stdClass $row
+ * @return type
+ */
+function tp_guid_callback($row) {
+ return ($row->guid) ? $row->guid : false;
+}
+
 /*********************************************************************
 * the functions below replace broken core functions or add functions
-- cgit v1.2.3
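Review bot: The docblock added for tp_guid_callback() in the lib/tidypics.php hunk still carries the placeholder `@return type`, and the function returns `$row->guid` exactly as the database row supplies it, presumably a numeric string rather than an int. Because getImageList() now returns this callback's output as the album's GUID list, I would document it as `@return int|false` and cast with `return ($row->guid) ? (int) $row->guid : false;` so strict comparisons against integer GUIDs still match. A `false` element for a row without a guid would also end up in the caller's list; filtering it out in the caller looks safer, though that code is outside this hunk.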