vanilla-china · wvdongen · Jun 18, 2014
diff --git a/class.imageupload.plugin.php b/class.imageupload.plugin.php
@@ -3,7 +3,7 @@
 $PluginInfo['ImageUpload'] = array(
 	'Name' => 'ImageUpload',
 	'Description' => 'lightweight and simple image uploader',
-	'Version' => '1.1.1',
+	'Version' => '1.1.2',
 	'RequiredApplications' => array('Vanilla' => '2.0.18.4'),
 	'RequiredTheme' => FALSE,
 	'RequiredPlugins' => FALSE,
@@ -12,24 +12,31 @@
 	'RegisterPermissions' => FALSE,
 	'Author' => "chuck911",
 	'AuthorEmail' => 'contact@with.cat',
-	'AuthorUrl' => 'http://vanillaforums.cn/profile/chuck911'
+	'AuthorUrl' => 'http://vanillaforums.cn/profile/chuck911',
+	'RegisterPermissions' => array('Plugins.ImageUpload.Add' => 1)
 );
 
 class ImageUploadPlugin extends Gdn_Plugin {
 
 	public function DiscussionController_BeforeBodyField_Handler($Sender)
 	{
-		echo $Sender->FetchView($this->GetView('upload_button.php'));
+		if (Gdn::Session()->CheckPermission('Plugins.ImageUpload.Add')) {
+			echo $Sender->FetchView($this->GetView('upload_button.php'));
+		}
 	}
 
 	public function PostController_BeforeBodyInput_Handler($Sender)
 	{
-		echo $Sender->FetchView($this->GetView('upload_button.php'));
+		if (Gdn::Session()->CheckPermission('Plugins.ImageUpload.Add')) {
+			echo $Sender->FetchView($this->GetView('upload_button.php'));
+		}
 	}
 
 	public function Base_Render_Before($Sender) {
 		if(!in_array(get_class($Sender), array('PostController','DiscussionController')))
 			return;
+		if (! Gdn::Session()->CheckPermission('Plugins.ImageUpload.Add'))
+			return;
 		$Sender->AddDefinition('ImageUpload_Url',Url('/post/imageupload'));
 		$Sender->AddDefinition('ImageUpload_Multi',C('Plugins.UploadImage.Multi',TRUE));
 		$Sender->AddDefinition('ImageUpload_InputFormatter',C('Garden.InputFormatter', 'Html'));
@@ -41,6 +48,9 @@ public function Base_Render_Before($Sender) {
 
 	public function PostController_Imageupload_create()
 	{
+		if (! Gdn::Session()->CheckPermission('Plugins.ImageUpload.Add')) {
+			header('HTTP/1.0 401', TRUE, 401);
+		}
 		try {
 			$UploadImage = new Gdn_UploadImage();
 			$TmpImage = $UploadImage->ValidateUpload('image_file');