diff options
| -rw-r--r-- | modules/gallery/helpers/access.php | 2 | ||||
| -rw-r--r-- | modules/gallery/models/item.php | 22 |
2 files changed, 5 insertions, 19 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index c84527f4..2faa922b 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -95,7 +95,7 @@ class access_Core { return false; } - if ($user->admin) { + if ($user->admin && $item->owner_id == $user->id) { return true; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 129bd77f..99d1ca6d 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -38,31 +38,17 @@ class Item_Model extends ORM_MPTT { if (user::active()->admin) { $this->view_restrictions = array(); } else { + $this->view_restrictions["owner_id"] = user::active()->id; foreach (user::group_ids() as $id) { - // Separate the first restriction from the rest to make it easier for us to formulate - // our where clause below - if (empty($this->view_restrictions)) { - $this->view_restrictions[0] = "view_$id"; - } else { - $this->view_restrictions[1]["view_$id"] = access::ALLOW; - } + $this->view_restrictions["view_$id"] = access::ALLOW; } } } - switch (count($this->view_restrictions)) { - case 0: - break; - case 1: - $this->where($this->view_restrictions[0], access::ALLOW); - break; - - default: + if (!empty($this->view_restrictions)) { $this->open_paren(); - $this->where($this->view_restrictions[0], access::ALLOW); - $this->orwhere($this->view_restrictions[1]); + $this->orwhere($this->view_restrictions); $this->close_paren(); - break; } return $this; |