Index: openacs-4/packages/acs-subsite/www/file.vuh =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/file.vuh,v diff -u -r1.7.4.1 -r1.7.4.2 --- openacs-4/packages/acs-subsite/www/file.vuh 16 May 2009 00:24:24 -0000 1.7.4.1 +++ openacs-4/packages/acs-subsite/www/file.vuh 27 May 2009 11:56:30 -0000 1.7.4.2 @@ -6,7 +6,7 @@ # @creation-date 2006-08-01 # @cvs-id $Id$ -if {![regexp {^/([0-9]{1,8})(/(private)/([0-9]{1,8}))?(/(.*))?$} [ad_conn path_info] match object_id private_slash private dummy anchor]} { +if {![regexp {^/([0-9]{1,8})(/(private)/([0-9]{1,8}))?(/(.*))?$} [ad_conn path_info] match object_id private_slash private private_parent_id anchor]} { ad_return_warning "Invalid object id" [subst { The identifier given for this object is invalid. Please check your url or contact the webmaster if you think it should work. 
@@ -15,42 +15,38 @@ } # check permissions! -if {$private eq "private"} { - # find if the image has a parent link to the object +if { $private eq "private" } { + # find if the item has a parent link to the object # that is, if the image is used in a content item and you can read the # content item, you can read the image regardless of the permissions - if {![application_data_link::link_exists \ + set object_to_check $object_id + + if { [application_data_link::link_exists \ -from_object_id $private_parent_id \ - -to_object_id $object_id]} { + -to_object_id $object_id] } { # if the link does not exist it might be # because its a new object # that means you uploaded the image so you can see it in the editor while you are working on it - if {![permission::permission_p \ - -object_id $object_id \ - -privilege "read" \ - -party_id [ad_conn user_id]]} { - # if you don't have permission to see it, it doesn't exist - ns_returnnotfound - ad_script_abort - } - } elseif {![permission::permission_p \ - -privilege "read" \ - -object_id $private_parent_id \ - -party_id [ad_conn user_id]]} { + set object_to_check $private_parent_id + } + + if { ![permission::permission_p \ + -object_id $object_to_check \ + -privilege "read" \ + -party_id [ad_conn user_id]] } { + # if you don't have permission to see it, it doesn't exist ns_returnnotfound ad_script_abort - } else { - permission::require_permission \ - -privilege "read" \ - -object_id $object_id \ - -party_id [ad_conn user_id] } + } else { + permission::require_permission \ -privilege "read" \ -object_id $object_id \ -party_id [ad_conn user_id] + } # find a cr_item and serve it Index: openacs-4/packages/acs-subsite/www/image.vuh =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/image.vuh,v diff -u -r1.6 -r1.6.2.1 --- openacs-4/packages/acs-subsite/www/image.vuh 31 Mar 2009 14:56:16 -0000 1.6 +++ openacs-4/packages/acs-subsite/www/image.vuh 27 May 2009 
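Review bot: The comment kept inside the new `link_exists` branch ("if the link does not exist it might be because its a new object ...") now describes the opposite case, because that branch runs when the link does exist and switches the check to `$private_parent_id`. I would move that text up next to `set object_to_check $object_id` and put `# link exists: read permission on the linking parent is sufficient` inside the branch; the same stale comment is carried into the first image.vuh hunk. Because `$private_parent_id` comes from the request path, this branch lets read permission on any linked parent stand in for read permission on the object. It is therefore only as strong as the permission check applied when application data links are created, which is not visible here and is worth confirming.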
11:56:30 -0000 1.6.2.1 
@@ -15,41 +15,36 @@ } # check permissions! -if {$private eq "private"} { - # find if the image has a parent link to the object - # that is, if the image is used in a content item and you can read the - # content item, you can read the image regardless of the permissions - - if {![application_data_link::link_exists \ - -from_object_id $private_parent_id \ - -to_object_id $object_id]} { - # if the link does not exist it might be - # because its a new object - # that means you uploaded the image so you can see it in the editor while you are working on it - if {![permission::permission_p \ - -object_id $object_id \ - -privilege "read" \ - -party_id [ad_conn user_id]]} { - # if you don't have permission to see it, it doesn't exist - ns_returnnotfound - ad_script_abort - } - } elseif {![permission::permission_p \ - -privilege "read" \ - -object_id $private_parent_id \ - -party_id [ad_conn user_id]]} { - ns_returnnotfound - ad_script_abort - } -} elseif {$extra_arg eq ""} { - if {![permission::permission_p \ - -privilege "read" \ - -object_id $object_id \ - -party_id [ad_conn user_id]]} { - ns_returnnotfound - ad_script_abort - } +if { $private eq "private" } { + # find if the image has a parent link to the object + # that is, if the image is used in a content item and you can read the + # content item, you can read the image regardless of the permissions + + set object_to_check $object_id + + if { [application_data_link::link_exists \ + -from_object_id $private_parent_id \ + -to_object_id $object_id] } { + # if the link does not exist it might be + # because its a new object + # that means you uploaded the image so you can see it in + # the editor while you are working on it + set object_to_check $private_parent_id + } + if {![permission::permission_p \ + -privilege "read" \ + -object_id $object_to_check \ + -party_id [ad_conn user_id]]} { + ns_returnnotfound + ad_script_abort + } +} else { + permission::require_permission \ + -privilege "read" \ + -object_id $object_id 
\ + -party_id [ad_conn user_id] } + # find a cr_item and serve it if { $extra_arg eq "thumbnail" || $extra_arg eq "avatar" } { @@ -60,15 +55,13 @@ set new_object_id [image::resize -item_id $object_id -size_name $extra_arg] } set object_id $new_object_id - } if {$extra_arg eq "info"} { - rp_form_put item_id $object_id - rp_form_put filename $filename - rp_internal_redirect "/packages/acs-content-repository/www/image-info" - ad_script_abort + rp_form_put item_id $object_id + rp_form_put filename $filename + rp_internal_redirect "/packages/acs-content-repository/www/image-info" + ad_script_abort } else { - cr_write_content -item_id $object_id + cr_write_content -item_id $object_id } - Index: openacs-4/packages/acs-subsite/www/o.vuh =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/o.vuh,v diff -u -r1.4 -r1.4.6.1 --- openacs-4/packages/acs-subsite/www/o.vuh 4 Jun 2006 00:45:45 -0000 1.4 +++ openacs-4/packages/acs-subsite/www/o.vuh 27 May 2009 11:56:30 -0000 1.4.6.1 @@ -73,10 +73,8 @@ ad_returnredirect $page_url$anchor } else { ad_return_warning "Invalid object ID" [subst { - The object ID $object_id is a $object_type but getting - it's real url failed. -
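Review bot: `$private_parent_id` is read in the new private branch of image.vuh, but the `regexp` that should bind it lies outside this hunk, and image.vuh gets no counterpart to the file.vuh rename from `dummy` to `private_parent_id` in this commit. If the capture is still named differently there, every private image URL would fail on an unset variable, so that line is worth checking. The two branches also answer a denied request differently: `ns_returnnotfound` in the private branch and `permission::require_permission` in the `else`, which presumably does not answer with a 404. A comment such as `# public URLs may reveal that the object exists; private ones must not` would record that this difference is intended.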

We are sorry for this inconvenience. +

The object ID $object_id is a $object_type but getting + it's real url failed.

+

We are sorry for this inconvenience.

}] } - -