From 3c100d06ff10d12b1b6b960ba52c5206bac855c4 Mon Sep 17 00:00:00 2001
From: shadlaws <shad@shadlaws.com>
Date: Wed, 12 Jun 2013 07:25:26 +0200
Subject: #2074 - Mirror some additional file_proxy checks in data_rest.

---
 modules/gallery/helpers/data_rest.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/data_rest.php b/modules/gallery/helpers/data_rest.php
index d4f456d7..a0a225f9 100644
--- a/modules/gallery/helpers/data_rest.php
+++ b/modules/gallery/helpers/data_rest.php
@@ -25,7 +25,6 @@
 class data_rest_Core {
   static function get($request) {
     $item = rest::resolve($request->url);
-    access::required("view", $item);
 
     $p = $request->params;
     if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
@@ -36,10 +35,16 @@ class data_rest_Core {
     // see if you should make the same change there as well.
 
     if ($p->size == "full") {
+      if ($item->is_album()) {
+        throw new Kohana_404_Exception();
+      }
+      access::required("view_full", $item);
       $file = $item->file_path();
     } else if ($p->size == "resize") {
+      access::required("view", $item);
       $file = $item->resize_path();
     } else {
+      access::required("view", $item);
       $file = $item->thumb_path();
     }
 
-- 
cgit v1.2.3