# HG changeset patch
# User bsw
# Date 1415641953 -3600
# Node ID 498d655dbc18882e9c59325e52d640e9d4f09376
# Parent  7f7142e949ee4e1a43991fbb5176a4ff65aa2753
Added missing access control for member profile images

diff -r 7f7142e949ee -r 498d655dbc18 app/main/_filter/21_auth.lua
--- a/app/main/_filter/21_auth.lua	Mon Nov 10 18:45:31 2014 +0100
+++ b/app/main/_filter/21_auth.lua	Mon Nov 10 18:52:33 2014 +0100
@@ -47,6 +47,12 @@
 end
 
 if app.session:has_access("authors_pseudonymous") then
+  if module == "member_image" and view == "show" and param.get("image_type") == "avatar" then
+    auth_needed = false
+  end
+end
+
+if app.session:has_access("everything") then
   if module == "member_image" and view == "show" then
     auth_needed = false
   end