2 files changed, 19 insertions, 5 deletions

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 8c6f5d54..949aea84 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -95,7 +95,7 @@ class access_Core {
       return false;
     }
 
-    if ($user->admin && $item->owner_id == $user->id) {
+    if ($user->admin) {
       return true;
     }
 
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 45561380..d9dd88f5 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -38,17 +38,31 @@ class Item_Model extends ORM_MPTT {
       if (user::active()->admin) {
         $this->view_restrictions = array();
       } else {
-        $this->view_restrictions["owner_id"] = user::active()->id;
         foreach (user::group_ids() as $id) {
-          $this->view_restrictions["view_$id"] = access::ALLOW;
+          // Separate the first restriction from the rest to make it easier for us to formulate
+          // our where clause below
+          if (empty($this->view_restrictions)) {
+            $this->view_restrictions[0] = "view_$id";
+          } else {
+            $this->view_restrictions[1]["view_$id"] = access::ALLOW;
+          }
         }
       }
     }
+    switch (count($this->view_restrictions)) {
+    case 0:
+      break;
 
-    if (!empty($this->view_restrictions)) {
+    case 1:
+      $this->where($this->view_restrictions[0], access::ALLOW);
+      break;
+
+    default:
       $this->open_paren();
-      $this->orwhere($this->view_restrictions);
+      $this->where($this->view_restrictions[0], access::ALLOW);
+      $this->orwhere($this->view_restrictions[1]);
       $this->close_paren();
+      break;
     }
 
     return $this;