# packages/acs-subsite/www/image.vuh # # Subsite handler for images # # @author Dave Bauer (dave@thedesignexperience.org) # @creation-date 2006-08-01 # @cvs-id $Id: image.vuh,v 1.2.2.1 2007/04/06 17:02:15 daveb Exp $ set url [ad_conn path_info] if {![regexp {^/([0-9]{1,8})(/(|thumbnail|info))?(/(private)/([0-9]{1,8}))?(/(.*))?$} $url match object_id extra_arg_slash extra_arg private_slash private private_parent_id filename_slash filename anchor]} { ad_return_warning "Invalid object id" [subst { The identifier given for this object (${object_id}) is invalid. Please check your url or contact the webmaster if you think it should work. }] return } # check permissions! if {$private eq "private"} { # find if the image has a parent link to the object # that is, if the image is used in a content item and you can read the # content item, you can read the image regardless of the permissions if {![application_data_link::link_exists \ -from_object_id $private_parent_id \ -to_object_id $object_id]} { # if the link does not exist it might be # because its a new object # that means you uploaded the image so you can see it in the editor while you are working on it if {![permission::permission_p \ -object_id $object_id \ -privilege "read" \ -party_id [ad_conn user_id]]} { # if you don't have permission to see it, it doesn't exist ns_returnnotfound ad_script_abort } } elseif {![permission::permission_p \ -privilege "read" \ -object_id $private_parent_id \ -party_id [ad_conn user_id]]} { ns_returnnotfound ad_script_abort } } elseif {$extra_arg eq ""} { if {![permission::permission_p \ -privilege "read" \ -object_id $object_id \ -party_id [ad_conn user_id]]} { ns_returnnotfound ad_script_abort } } # find a cr_item and serve it if {$extra_arg eq "thumbnail"} { #find the thumbnail object_id set object_id [image::get_resized_item_id -item_id $object_id -size_name thumbnail] } if {$extra_arg eq "info"} { rp_form_put item_id $object_id rp_form_put filename $filename rp_internal_redirect "/packages/acs-content-repository/www/image-info" ad_script_abort } else { cr_write_content -item_id $object_id }