Hello:
This post would be better placed in the "Modifications/Add-Ons/Hacks" subforum, but I'm not allowed to post there.
As you know, CPG albums have a property (the "visibility" field, type INT) that allows you to limit who can see each one. If this field is less than 10,000 (this number is a constant assigned to FIRST_USER_CAT), it indicates the ID of the group that has permission to view it. If it's greater than 10,000, it indicates the ID of the user with permission (uid = Visibility - 10,000). And if it's 0, the album is public to everyone. All of this is explained in the documentation.
The way CPG implements this property when displaying album thumbnails is by filtering at the "picture" level. I mean that CPG creates a WHERE clause that applies a filter to the pictures (the thumbnails you see), discarding those that belong to an album with permissions that the current user doesn't have access to. The code of the WHERE clause is implemented in the get_private_album_set function (functions.inc.php), and then this clause is used by all the SQL queries that select the thumbnails (get_pic_data function in functions.inc.php).
But this filter doesn't apply to "linked pictures" (linked via the "keywords" field), so these pictures will still appear for everybody even though the album has a visibility restriction. Obviously, if an album contains only owned images (uploaded directly to it) and we apply visibility permissions to the album, no pictures will appear for unauthorized users. In my opinion, albums with "visibility restriction" should never show any picture (neither owned nor linked).
What CPG does do, when displaying album lists, is "hide the link" to albums the current user has no permissions for, but it is still possible to view them, for example by typing the link in the browser's address bar, which I consider a "back door" to access these restricted albums.
To prevent this, my suggestion is to implement an "album level" restriction. I implemented the following code, which directly denies permission to a single album that the current user should not see. Notice that it only applies when viewing a specific album; it makes no sense when viewing category thumbnails. This code is inserted at the beginning of the `get_pic_data` function (functions.inc.php):
```php
// If we're viewing a specific album, $alb_id holds its ID; otherwise it is -1 and no restriction is applied.
// The (int) casts ensure that only an integer reaches the SQL query below.
$alb_id = is_numeric($album) ? (int) $album : ($cat < 0 ? -(int) $cat : -1);
if ($alb_id > 0 && !GALLERY_ADMIN_MODE) {
    $result = cpg_db_query("SELECT visibility FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = {$alb_id}");
    list($visibility) = $result->fetchRow(true);
    // 0 means the album is public
    if ($visibility != 0) {
        // Above FIRST_USER_CAT the value encodes a user ID; below it, a group ID
        if ((($visibility > FIRST_USER_CAT) && ($visibility - FIRST_USER_CAT != USER_ID)) ||
            (($visibility < FIRST_USER_CAT) && !in_array($visibility, $USER_DATA['groups']))) {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }
    }
}
```
Hoping this may be useful for somebody ...
Regards
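
The gap described in the post, as an added example that is not part of the original post and is not Coppermine code: a simplified in-memory model in which a picture-level filter on the owning album still lists a keyword-linked picture inside a restricted album, while an album-level check refuses the view. The function names, the array layout and the sample data are hypothetical and constructed for illustration, and keyword linking is reduced to an exact match.

```php
<?php
// Simplified model, not Coppermine code. All sample data below is constructed.
const FIRST_USER_CAT = 10000;

// Album-level rule from the post: 0 = public, below FIRST_USER_CAT = group ID,
// above FIRST_USER_CAT = FIRST_USER_CAT + user ID.
function can_view_album(int $visibility, int $userId, array $groups): bool
{
    if ($visibility === 0) {
        return true;
    }
    if ($visibility > FIRST_USER_CAT) {
        return $visibility - FIRST_USER_CAT === $userId;
    }
    if ($visibility < FIRST_USER_CAT) {
        return in_array($visibility, $groups, true);
    }
    return true; // exactly FIRST_USER_CAT: the post's check does not restrict it
}

// Picture-level filter: collect the album's own and keyword-linked pictures,
// dropping only those whose *owning* album is forbidden to the user.
function pictures_shown(array $albums, array $pics, int $aid, int $userId, array $groups): array
{
    $shown = [];
    foreach ($pics as $p) {
        $inAlbum = $p['aid'] === $aid
            || in_array($albums[$aid]['keyword'], $p['keywords'], true);
        if ($inAlbum && can_view_album($albums[$p['aid']]['visibility'], $userId, $groups)) {
            $shown[] = $p['pid'];
        }
    }
    return $shown;
}

$albums = [
    1 => ['visibility' => 0, 'keyword' => ''],       // public album
    2 => ['visibility' => 3, 'keyword' => 'staff'],  // restricted to group 3
];
$pics = [
    ['pid' => 101, 'aid' => 1, 'keywords' => ['staff']], // owned by album 1, linked into album 2
    ['pid' => 102, 'aid' => 2, 'keywords' => []],        // owned by album 2
];
$userId = 42;
$groups = [2]; // constructed user who is not a member of group 3

printf("picture-level filter lists: %s\n", json_encode(pictures_shown($albums, $pics, 2, $userId, $groups)));
printf("album-level check allows album 2: %s\n", json_encode(can_view_album($albums[2]['visibility'], $userId, $groups)));
```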