#2074 - Mirror some additional file_proxy checks in data_rest.

author: shadlaws <shad@shadlaws.com> 2013-06-12 07:25:26 +0200
committer: shadlaws <shad@shadlaws.com> 2013-06-12 07:25:26 +0200
commit: 3c100d06ff10d12b1b6b960ba52c5206bac855c4 (patch)
tree: 870d2fafe600b09cfb000161bc512fca2f48f36d /modules/gallery/helpers/data_rest.php
parent: 53d3fa81252f1c033cb3c462b1714865088139cb (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php
index d4f456d7..a0a225f9 100644
--- a/modules/gallery/helpers/data_rest.php
+++ b/modules/gallery/helpers/data_rest.php
@@ -25,7 +25,6 @@
 class data_rest_Core {
   static function get($request) {
     $item = rest::resolve($request->url);
-    access::required("view", $item);
 
     $p = $request->params;
     if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
@@ -36,10 +35,16 @@ class data_rest_Core {
     // see if you should make the same change there as well.
 
     if ($p->size == "full") {
+      if ($item->is_album()) {
+        throw new Kohana_404_Exception();
+      }
+      access::required("view_full", $item);
       $file = $item->file_path();
     } else if ($p->size == "resize") {
+      access::required("view", $item);
       $file = $item->resize_path();
     } else {
+      access::required("view", $item);
       $file = $item->thumb_path();
     }
author	shadlaws <shad@shadlaws.com>	2013-06-12 07:25:26 +0200
committer	shadlaws <shad@shadlaws.com>	2013-06-12 07:25:26 +0200
commit	3c100d06ff10d12b1b6b960ba52c5206bac855c4 (patch)
tree	870d2fafe600b09cfb000161bc512fca2f48f36d /modules/gallery/helpers/data_rest.php
parent	53d3fa81252f1c033cb3c462b1714865088139cb (diff)