diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2008-12-31 00:18:24 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-31 00:18:24 +0000 |
| commit | ad719b9b6f3391da1ba7e481890317cdc409c616 (patch) | |
| tree | d809173b1dbdd3cf4e05a9bc5984d3aa4c0398f3 /core/controllers/file_proxy.php | |
| parent | cbbbc23c2f5f1f4b5325f1a25251e419b512733f (diff) | |
Fully implement the view_full permission.
Diffstat (limited to 'core/controllers/file_proxy.php')
| -rw-r--r-- | core/controllers/file_proxy.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/controllers/file_proxy.php b/core/controllers/file_proxy.php index 30117f07..3cf915a6 100644 --- a/core/controllers/file_proxy.php +++ b/core/controllers/file_proxy.php @@ -95,6 +95,11 @@ class File_Proxy_Controller extends Controller { kohana::show_404(); } + // Make sure we have view_full access to the original + if ($type == "albums" && !access::can("view_full", $item)) { + kohana::show_404(); + } + // Don't try to load a directory if ($type == "albums" && $item->is_album()) { kohana::show_404(); |