diff --git a/Web/Presenters/NotesPresenter.php b/Web/Presenters/NotesPresenter.php
index 0764faf6..443a484a 100644
--- a/Web/Presenters/NotesPresenter.php
+++ b/Web/Presenters/NotesPresenter.php
@@ -19,6 +19,8 @@ final class NotesPresenter extends OpenVKPresenter
{
$user = (new Users)->get($owner);
if(!$user) $this->notFound();
+ if(!$user->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->notes = $this->notes->getUserNotes($user, (int)($this->queryParam("p") ?? 1));
$this->template->count = $this->notes->getUserNotesCount($user);
@@ -36,6 +38,8 @@ final class NotesPresenter extends OpenVKPresenter
$note = $this->notes->getNoteById($owner, $note_id);
if(!$note || $note->getOwner()->getId() !== $owner || $note->isDeleted())
$this->notFound();
+ if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->cCount = $note->getCommentsCount();
$this->template->cPage = (int) ($this->queryParam("p") ?? 1);
diff --git a/Web/Presenters/PhotosPresenter.php b/Web/Presenters/PhotosPresenter.php
index 24fd7829..78c17c1e 100644
--- a/Web/Presenters/PhotosPresenter.php
+++ b/Web/Presenters/PhotosPresenter.php
@@ -29,6 +29,8 @@ final class PhotosPresenter extends OpenVKPresenter
if($owner > 0) {
$user = $this->users->get($owner);
if(!$user) $this->notFound();
+ if (!$user->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->albums = $this->albums->getUserAlbums($user, $this->queryParam("p") ?? 1);
$this->template->count = $this->albums->getUserAlbumsCount($user);
$this->template->owner = $user;
@@ -129,6 +131,10 @@ final class PhotosPresenter extends OpenVKPresenter
if($album->getPrettyId() !== $owner . "_" . $id || $album->isDeleted())
$this->notFound();
+ if($owner > 0 /* bc we currently don't have perms for clubs */) $ownerObject = (new Users)->get($owner);
+ if(!$ownerObject->getPrivacyPermission('photos.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
+
$this->template->album = $album;
$this->template->photos = iterator_to_array( $album->getPhotos( (int) ($this->queryParam("p") ?? 1) ) );
$this->template->paginatorConf = (object) [
diff --git a/Web/Presenters/UserPresenter.php b/Web/Presenters/UserPresenter.php
index 4f51175c..551976fc 100644
--- a/Web/Presenters/UserPresenter.php
+++ b/Web/Presenters/UserPresenter.php
@@ -54,6 +54,8 @@ final class UserPresenter extends OpenVKPresenter
$page = abs($this->queryParam("p") ?? 1);
if(!$user)
$this->notFound();
+ elseif (!$user->getPrivacyPermission('friends.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
else
$this->template->user = $user;
@@ -78,9 +80,11 @@ final class UserPresenter extends OpenVKPresenter
$this->assertUserLoggedIn();
$user = $this->users->get($id);
- if(!$user) {
+ if(!$user)
$this->notFound();
- } else {
+ elseif (!$user->getPrivacyPermission('groups.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
+ else {
$this->template->user = $user;
$this->template->page = $this->queryParam("p") ?? 1;
$this->template->admin = $this->queryParam("act") == "managed";
diff --git a/Web/Presenters/VideosPresenter.php b/Web/Presenters/VideosPresenter.php
index 47d529ac..0e20a91b 100644
--- a/Web/Presenters/VideosPresenter.php
+++ b/Web/Presenters/VideosPresenter.php
@@ -22,6 +22,8 @@ final class VideosPresenter extends OpenVKPresenter
{
$user = $this->users->get($id);
if(!$user) $this->notFound();
+ if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
$this->template->user = $user;
$this->template->videos = $this->videos->getByUser($user, (int) ($this->queryParam("p") ?? 1));
@@ -38,6 +40,8 @@ final class VideosPresenter extends OpenVKPresenter
{
$user = $this->users->get($owner);
if(!$user) $this->notFound();
+ if(!$user->getPrivacyPermission('videos.read', $this->user->identity ?? NULL))
+ $this->flashFail("err", tr("forbidden"), tr("forbidden_comment"));
if($this->videos->getByOwnerAndVID($owner, $vId)->isDeleted()) $this->notFound();
diff --git a/Web/Presenters/templates/User/View.xml b/Web/Presenters/templates/User/View.xml
index 58cdaa1d..9c724ec4 100644
--- a/Web/Presenters/templates/User/View.xml
+++ b/Web/Presenters/templates/User/View.xml
@@ -3,6 +3,7 @@
{block title}{$user->getCanonicalName()}{/block}
{block headIncludes}
+ {if $user->getPrivacyPermission('page.read', $thisUser ?? NULL)}
@@ -22,6 +23,9 @@
"url": {('http://') . $_SERVER['HTTP_HOST'] . $user->getURL()}
}
+ {else}
+
+ {/if}
{/block}
{block header}