From c02faf58408260d79e3981c64453ac35d88c32eb Mon Sep 17 00:00:00 2001
From: mrilyew <99399973+mrilyew@users.noreply.github.com>
Date: Sun, 1 Jun 2025 17:57:01 +0300
Subject: [PATCH] fix(photo upload): fix own page upload error
---
 Web/Models/Entities/MediaCollection.php | 5 +++++
 Web/Presenters/PhotosPresenter.php | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/Web/Models/Entities/MediaCollection.php b/Web/Models/Entities/MediaCollection.php
index f3f340b4..91c9a247 100644
--- a/Web/Models/Entities/MediaCollection.php
+++ b/Web/Models/Entities/MediaCollection.php
@@ -60,6 +60,11 @@ abstract class MediaCollection extends RowModel
 }
 }
+ public function getOwnerId(): int
+ {
+ return (int) $this->getRecord()->owner;
+ }
+
 public function getPrettyId(): string
 {
 return $this->getRecord()->owner . "_" . $this->getRecord()->id;
diff --git a/Web/Presenters/PhotosPresenter.php b/Web/Presenters/PhotosPresenter.php
index 9bc150cb..fc37f448 100644
--- a/Web/Presenters/PhotosPresenter.php
+++ b/Web/Presenters/PhotosPresenter.php
@@ -284,13 +284,15 @@ final class PhotosPresenter extends OpenVKPresenter
 }
 if ($_SERVER["REQUEST_METHOD"] == "GET" || $this->queryParam("act") == "finish") {
- if (!$album) {
+ if (!$album || $album->isCreatedBySystem()) {
 $this->flashFail("err", tr("error"), tr("error_adding_to_deleted"));
 }
 }
 if ($album && !$album->canBeModifiedBy($this->user->identity)) {
- $this->flashFail("err", tr("error_access_denied_short"), tr("error_access_denied"));
+ if ($album->getOwnerId() != $this->user->id) {
+ $this->flashFail("err", tr("error_access_denied_short"), tr("error_access_denied"));
+ }
 }
 if ($_SERVER["REQUEST_METHOD"] === "POST") {
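Review bot: The new `getOwnerId()` in MediaCollection has no docblock, yet the second hunk uses its result in an access decision, so the meaning of the returned value should be written down. It returns the record's `owner` column cast to int; whether that column can also identify a non-user owner is not visible here, and if it can, comparing it with a user id is only meaningful for user-owned collections. I would add a short docblock such as `/** Raw owner id from the record; compare with a user id only for user-owned collections. */`. The class body starts and continues outside the hunk.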
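Review bot: The nested `if ($album->getOwnerId() != $this->user->id)` turns every refusal from `canBeModifiedBy()` into a pass whenever the album's owner id matches the caller, so any other reason that method may have for refusing the owner is overridden as well (its body is not shown here). The GET/finish branch above already singles out `isCreatedBySystem()`, so the exception could be limited to that case and written as one condition with a strict, typed comparison: `if ($album && !$album->canBeModifiedBy($this->user->identity) && !($album->isCreatedBySystem() && $album->getOwnerId() === (int) $this->user->id)) {`. Longer term the owner rule is better placed inside `canBeModifiedBy()` so that every caller gets the same decision rather than only this presenter. The enclosing presenter method starts and ends outside the hunk.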