Index: openacs-4/packages/acs-subsite/www/image.vuh
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/image.vuh,v
diff -u -r1.6 -r1.7
--- openacs-4/packages/acs-subsite/www/image.vuh	31 Mar 2009 14:56:16 -0000	1.6
+++ openacs-4/packages/acs-subsite/www/image.vuh	12 Jul 2009 01:08:30 -0000	1.7
@@ -15,41 +15,36 @@
 }
 
 # check permissions!
-if {$private eq "private"} {
-	# find if the image has a parent link to the object
-	# that is, if the image is used in a content item and you can read the
-	# content item, you can read the image regardless of the permissions
-	
-	if {![application_data_link::link_exists \
-		-from_object_id $private_parent_id \
-		-to_object_id $object_id]} {
-		# if the link does not exist it might be
-	        # because its a new object
-	        # that means you uploaded the image so you can see it in the editor while you are working on it
-		if {![permission::permission_p \
-			-object_id $object_id \
-			-privilege "read" \
-			-party_id [ad_conn user_id]]} {
-			# if you don't have permission to see it, it doesn't exist
-				ns_returnnotfound
-				ad_script_abort
-		}
-	} elseif {![permission::permission_p \
-	-privilege "read" \
-	-object_id $private_parent_id \
-	-party_id [ad_conn user_id]]} {
-	ns_returnnotfound
-	ad_script_abort
-        }
-} elseif {$extra_arg eq ""} {
-	if {![permission::permission_p \
-	    -privilege "read" \
-	    -object_id $object_id \
-	    -party_id [ad_conn user_id]]} {
-		ns_returnnotfound 
-		ad_script_abort
-	}
+if { $private eq "private" } {
+    # find if the image has a parent link to the object
+    # that is, if the image is used in a content item and you can read the
+    # content item, you can read the image regardless of the permissions
+    
+    set object_to_check $object_id
+
+    if { [application_data_link::link_exists \
+              -from_object_id $private_parent_id \
+              -to_object_id $object_id] } {
+        # if the link does not exist it might be
+        # because its a new object
+        # that means you uploaded the image so you can see it in 
+        # the editor while you are working on it
+        set object_to_check $private_parent_id
+    }
+    if {![permission::permission_p \
+              -privilege "read" \
+              -object_id $object_to_check \
+              -party_id [ad_conn user_id]]} {
+        ns_returnnotfound
+        ad_script_abort
+    }
+} else { 
+    permission::require_permission \
+        -privilege "read" \
+        -object_id $object_id \
+        -party_id [ad_conn user_id]
 }
+
 # find a cr_item and serve it
 
 if { $extra_arg eq "thumbnail" || $extra_arg eq "avatar" } {
@@ -60,15 +55,13 @@
         set new_object_id [image::resize -item_id $object_id -size_name $extra_arg]
     }
     set object_id $new_object_id
-
 }
 
 if {$extra_arg eq "info"} {
-	rp_form_put item_id $object_id
-	rp_form_put filename $filename
-	rp_internal_redirect "/packages/acs-content-repository/www/image-info"
-	ad_script_abort
+    rp_form_put item_id $object_id
+    rp_form_put filename $filename
+    rp_internal_redirect "/packages/acs-content-repository/www/image-info"
+    ad_script_abort
 } else {
-	cr_write_content -item_id $object_id
+    cr_write_content -item_id $object_id
 }
-