# packages/acs-subsite/www/image.vuh
#
# Subsite handler for images
#
# @author Dave Bauer (dave@thedesignexperience.org)
# @creation-date 2006-08-01
# @cvs-id $Id: file.vuh,v 1.6 2007/05/14 20:30:24 donb Exp $

if {![regexp {^/([0-9]{1,8})(/(private)/([0-9]{1,8}))?(/(.*))?$} [ad_conn path_info] match object_id private_slash private dummy anchor]} {
    ad_return_warning "Invalid object id" [subst {
        The identifier given for this object is invalid.  Please check your url 
        or contact the webmaster if you think it should work.
    }]
    return
}

# check permissions!
if {$private eq "private"} {
    # find if the image has a parent link to the object
    # that is, if the image is used in a content item and you can read the
    # content item, you can read the image regardless of the permissions
    
    if {![application_data_link::link_exists \
	      -from_object_id $private_parent_id \
	      -to_object_id $object_id]} {
	# if the link does not exist it might be
	# because its a new object
	# that means you uploaded the image so you can see it in the editor while you are working on it
	if {![permission::permission_p \
		  -object_id $object_id \
		  -privilege "read" \
		  -party_id [ad_conn user_id]]} {
	    # if you don't have permission to see it, it doesn't exist
	    ns_returnnotfound
	    ad_script_abort
	}
    } elseif {![permission::permission_p \
		    -privilege "read" \
		    -object_id $private_parent_id \
		    -party_id [ad_conn user_id]]} {
	ns_returnnotfound
	ad_script_abort
    } else {
	permission::require_permission \
	    -privilege "read" \
	    -object_id $object_id \
	    -party_id [ad_conn user_id]
    }
}

if {[apm_package_installed_p views]} {
	set user_id [ad_conn user_id]
	views::record_view -object_id $object_id -viewer_id $user_id
}

# find a cr_item and serve it

cr_write_content -item_id $object_id