From: Alan Knowles <alan@akbkhome.com>
Date: Thu, 23 Feb 2012 23:15:10 +0000 (+0800)
Subject: DataObjects/Images.php
X-Git-Url: http://git.roojs.org/?a=commitdiff_plain;h=e61a1255e7a2ece59ace1b8defaf6ed08b00e1e4;p=Pman.Core

DataObjects/Images.php
---

diff --git a/DataObjects/Images.php b/DataObjects/Images.php
index f90dffeb..dd1554d5 100644
--- a/DataObjects/Images.php
+++ b/DataObjects/Images.php
@@ -385,13 +385,21 @@ class Pman_Core_DataObjects_Images extends DB_DataObject
         
     }
     
-    
+    /**
+     *
+     *
+     *
+     */
     
     
     function setFromRoo($ar, $roo)
     {
         // not sure why we do this.. 
         
+        
+        
+        
+        
         // if imgtype starts with '-' ? then we set the 'old' (probably to delete later)
         if (!empty($ar['imgtype']) && !empty($ar['ontable']) && !empty($ar['onid']) && ($ar['imgtype'][0] == '-')) {
             $this->setFrom($ar);
@@ -424,12 +432,14 @@ class Pman_Core_DataObjects_Images extends DB_DataObject
          
         
         // FIXME - we should be checking perms here...
-        //if (method_exists($x, 'checkPerm') && !$x->checkPerm('E', $this->authUser))  {
-        //    $this->jerr("PERMISSION DENIED");
-        // }
+       
         // this should be doign update
         $this->setFrom($ar);
         
+        if (method_exists(this, 'checkPerm') && !$this->checkPerm('E', $this->authUser))  {
+            $this->jerr("IMAGE UPLOAD PERMISSION DENIED");
+        }
+        
         if (!isset($_FILES['imageUpload'])) {
             return; // standard update...
         }