Index: openacs-4/packages/acs-subsite/www/file.vuh
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/file.vuh,v
diff -u -r1.7 -r1.7.4.1
--- openacs-4/packages/acs-subsite/www/file.vuh 14 May 2007 22:53:04 -0000 1.7
+++ openacs-4/packages/acs-subsite/www/file.vuh 16 May 2009 00:24:24 -0000 1.7.4.1
@@ -21,31 +21,36 @@ # content item, you can read the image regardless of the permissions if {![application_data_link::link_exists \ - -from_object_id $private_parent_id \ - -to_object_id $object_id]} { - # if the link does not exist it might be - # because its a new object - # that means you uploaded the image so you can see it in the editor while you are working on it - if {![permission::permission_p \ - -object_id $object_id \ - -privilege "read" \ - -party_id [ad_conn user_id]]} { - # if you don't have permission to see it, it doesn't exist - ns_returnnotfound - ad_script_abort - } + -from_object_id $private_parent_id \ + -to_object_id $object_id]} { + # if the link does not exist it might be + # because its a new object + # that means you uploaded the image so you can see it in the editor while you are working on it + if {![permission::permission_p \ + -object_id $object_id \ + -privilege "read" \ + -party_id [ad_conn user_id]]} { + # if you don't have permission to see it, it doesn't exist + ns_returnnotfound + ad_script_abort + } } elseif {![permission::permission_p \ - -privilege "read" \ - -object_id $private_parent_id \ - -party_id [ad_conn user_id]]} { - ns_returnnotfound - ad_script_abort + -privilege "read" \ + -object_id $private_parent_id \ + -party_id [ad_conn user_id]]} { + ns_returnnotfound + ad_script_abort } else { - permission::require_permission \ - -privilege "read" \ - -object_id $object_id \ - -party_id [ad_conn user_id] + permission::require_permission \ + -privilege "read" \ + -object_id $object_id \ + -party_id [ad_conn user_id] } +} else { + permission::require_permission \ + -privilege "read" \ + -object_id $object_id \ + -party_id [ad_conn user_id] } # find a cr_item and serve it
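Review bot: The new outer `else` branch denies access through `permission::require_permission`, while the branches above it answer a failed read check with `ns_returnnotfound` so that, as their comment puts it, an object you cannot read "doesn't exist". If `require_permission` answers a denied request with a login redirect or a forbidden page (its behaviour is not visible in this hunk), a caller without read access can tell existing object ids from missing ones on this path, and the same applies to the inner `else` that the commit only re-indents. Using the pattern already present keeps the response uniform: `if {![permission::permission_p -object_id $object_id -privilege "read" -party_id [ad_conn user_id]]} { ns_returnnotfound; ad_script_abort }`. The outer `if` that this `else` closes begins before the hunk, so the condition that routes a request here cannot be checked from these lines; a one-line comment on the branch naming that case would help the next reader.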