From a8376b4033d8ff8880198cf37f4c0ba9d94d0316 Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Wed, 20 May 2009 12:03:54 +0000
Subject: only owners and friends of owner can tag photos

---
 views/default/tidypics/image_menu.php | 8 +++++++-
 views/default/tidypics/tagging.php    | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)

(limited to 'views/default/tidypics')

diff --git a/views/default/tidypics/image_menu.php b/views/default/tidypics/image_menu.php
index 269fcce8f..dcec9b35a 100644
--- a/views/default/tidypics/image_menu.php
+++ b/views/default/tidypics/image_menu.php
@@ -11,9 +11,15 @@
 	 **************************************************************************/
 
 	$file_guid = $vars['file_guid'];
+	$viewer = $vars['viewer'];
+	$owner = $vars['owner'];
+	
+	// only owner and friends of owner can tag
+	if ($viewer && $viewer->guid == $owner->guid || user_is_friend($owner->guid, $viewer->guid)) {
 ?>
 <li id="start_tagging"><a id="tag_control" href="javascript:void(0)" onclick="startTagging()"><?= elgg_echo('tidypics:tagthisphoto') ?></a></li>
-<?php 
+<?php
+	}
 	if (get_plugin_setting('download_link', 'tidypics') != "no") { 
 ?>
 <li id="download_image"><a href="<?php echo $vars['url']; ?>action/tidypics/download?file_guid=<?php echo $file_guid; ?>"><?php echo elgg_echo("image:download"); ?></a></li>
diff --git a/views/default/tidypics/tagging.php b/views/default/tidypics/tagging.php
index a97285016..8ba58be4f 100644
--- a/views/default/tidypics/tagging.php
+++ b/views/default/tidypics/tagging.php
@@ -3,6 +3,8 @@
 	$links = $vars['links'];
 	$photo_tags_json = $vars['photo_tags_json'];
 	$file_guid = $vars['file_guid'];
+	$viewer = $vars['viewer'];
+	$owner = $vars['owner'];
 	
 	if ($photo_tags) { 
 ?>
@@ -26,7 +28,6 @@
 <div id="tag_menu">
 <?php
 
-	$viewer = get_loggedin_user();
 	if($viewer) {
 		$friends = get_entities_from_relationship('friend', $viewer->getGUID(), false, 'user', '', 0);
 
-- 
cgit v1.2.3