1 files changed, 11 insertions, 3 deletions

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 0b0dcbc1..4148049a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -99,8 +99,12 @@ class access_Core {
       return true;
     }
 
+    // Use the nearest parent album (including the current item) so that we take advantage
+    // of the cache when checking many items in a single album.
+    $id = ($item->type == "album") ? $item->id : $item->parent_id;
     $resource = $perm_name == "view" ?
-      $item : model_cache::get("access_cache", $item->id, "item_id");
+      $item : model_cache::get("access_cache", $id, "item_id");
+
     foreach ($user->groups() as $group) {
       if ($resource->__get("{$perm_name}_{$group->id}") === access::ALLOW) {
         return true;
@@ -136,8 +140,12 @@ class access_Core {
    * @return boolean
    */
   static function group_can($group, $perm_name, $item) {
+    // Use the nearest parent album (including the current item) so that we take advantage
+    // of the cache when checking many items in a single album.
+    $id = ($item->type == "album") ? $item->id : $item->parent_id;
     $resource = $perm_name == "view" ?
-      $item : model_cache::get("access_cache", $item->id, "item_id");
+      $item : model_cache::get("access_cache", $id, "item_id");
+
     return $resource->__get("{$perm_name}_{$group->id}") === access::ALLOW;
   }
 
@@ -426,7 +434,7 @@ class access_Core {
     $session = Session::instance();
     $csrf = $session->get("csrf");
     if (empty($csrf)) {
-      $csrf = md5(rand());
+      $csrf = random::hash();
       $session->set("csrf", $csrf);
     }
     return $csrf;