From 6d07a4713270ed319d5bcb4ff09b7cbe4b599d54 Mon Sep 17 00:00:00 2001
From: Aaron van Geffen
Date: Sun, 4 Sep 2016 16:17:02 +0200
Subject: [PATCH] Only allow authenticated users to view photos.
---
 controllers/ViewPhoto.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/controllers/ViewPhoto.php b/controllers/ViewPhoto.php
index 4f7dfb0..5a1262e 100644
--- a/controllers/ViewPhoto.php
+++ b/controllers/ViewPhoto.php
@@ -10,6 +10,10 @@ class ViewPhoto extends HTMLController
 {
 public function __construct()
 {
+ // Ensure we're logged in at this point.
+ if (!Registry::get('user')->isLoggedIn())
+ throw new NotAllowedException();
+
 $photo = Asset::fromSlug($_GET['slug']);
 if (empty($photo))
 throw new NotFoundException();
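Review bot: The new guard at the top of `__construct()` protects only this HTML controller, so whether photos are really limited to authenticated users depends on how the image files themselves are served, which this hunk does not show; if thumbnails or originals are reachable through another controller or a direct file URL, they need the same check. The guard is also a braceless `if`, where a line added later would silently fall outside the condition; for an access-control check I would write `if (!Registry::get('user')->isLoggedIn()) { throw new NotAllowedException(); }`. Running the check before `Asset::fromSlug()` is the right order, because anonymous requests then cannot tell existing slugs from missing ones, and the comment could record that: `// Check login before the lookup so anonymous requests cannot probe which slugs exist.` The constructor body continues past the end of the hunk.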