diff --git a/controllers/ViewPhoto.php b/controllers/ViewPhoto.php
index 4f7dfb01..5a1262e1 100644
--- a/controllers/ViewPhoto.php
+++ b/controllers/ViewPhoto.php
@@ -10,6 +10,10 @@ class ViewPhoto extends HTMLController
 {
 public function __construct()
 {
+ // Ensure we're logged in at this point.
+ if (!Registry::get('user')->isLoggedIn())
+ throw new NotAllowedException();
+
 $photo = Asset::fromSlug($_GET['slug']);
 if (empty($photo))
 throw new NotFoundException();
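Review bot: The new guard at the top of `__construct()` only establishes that some user is logged in; nothing in this hunk checks that this user may view the asset resolved from `$_GET['slug']`. If photos are meant to be restricted per album or per owner, any authenticated account could open any slug it learns of. The constructor continues past the end of the hunk, so such a check may exist further down; if it does not, it belongs right after the `NotFoundException` branch. If every logged-in user may see every photo, I would record that in the comment, for example `// Any logged-in user may view any photo; anonymous requests are rejected before the slug lookup so they cannot tell which slugs exist.` Running the check before `Asset::fromSlug()` is the right order and should stay that way.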