From 4a0e4b798e6ea3341b1bbc902b9e1e5f2c96692d Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 9 Dec 2008 10:14:09 +0000
Subject: Check view permissions before allowing view access to albums/photos.

---
 core/controllers/photos.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'core/controllers/photos.php')

diff --git a/core/controllers/photos.php b/core/controllers/photos.php
index 7a599f4b..8b3e81fc 100644
--- a/core/controllers/photos.php
+++ b/core/controllers/photos.php
@@ -23,6 +23,10 @@ class Photos_Controller extends Items_Controller {
 * @see Rest_Controller::_show($resource)
 */
 public function _show($item) {
+ if (!access::can("view", $item->id)) {
+ return Kohana::show_404();
+ }
+
 // @todo: this needs to be data-driven
 $template = new Theme_View("page.html", "photo", "default");

-- 
cgit v1.2.3
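Review bot: The view check added at the top of `_show` guards only this one action, so any other handler that renders or returns the same item still depends on carrying its own check. The remaining methods of `Photos_Controller` and the inherited `Items_Controller` are not visible in this hunk, so confirm that each of them calls `access::can("view", $item->id)`, or move the check into a shared entry point so that a newly added action is denied by default. Answering with a 404 rather than a 403 avoids confirming that a restricted photo exists, which looks deliberate but is not stated; a comment such as `// 404, not 403: do not reveal that a restricted item exists` above the `return` would keep it from being changed later. The body of `_show` continues past the end of the hunk.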