X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/0f113ec41f328eab6af78097d47c28d9cb99d893..refs/pull/4467/head:/app/Uploads/Image.php

diff --git a/app/Uploads/Image.php b/app/Uploads/Image.php
index c21a3b03f..9f571693a 100644
--- a/app/Uploads/Image.php
+++ b/app/Uploads/Image.php
@@ -2,10 +2,12 @@
 
 namespace BookStack\Uploads;
 
-use BookStack\Auth\Permissions\JointPermission;
+use BookStack\App\Model;
 use BookStack\Entities\Models\Page;
-use BookStack\Model;
-use BookStack\Traits\HasCreatorAndUpdater;
+use BookStack\Permissions\Models\JointPermission;
+use BookStack\Permissions\PermissionApplicator;
+use BookStack\Users\Models\HasCreatorAndUpdater;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 
@@ -33,12 +35,21 @@ class Image extends Model
             ->where('joint_permissions.entity_type', '=', 'page');
     }
 
+    /**
+     * Scope the query to just the images visible to the user based upon the
+     * user visibility of the uploaded_to page.
+     */
+    public function scopeVisible(Builder $query): Builder
+    {
+        return app()->make(PermissionApplicator::class)->restrictPageRelationQuery($query, 'images', 'uploaded_to');
+    }
+
     /**
      * Get a thumbnail for this image.
      *
      * @throws \Exception
      */
-    public function getThumb(int $width, int $height, bool $keepRatio = false): string
+    public function getThumb(?int $width, ?int $height, bool $keepRatio = false): string
     {
         return app()->make(ImageService::class)->getThumbnail($this, $width, $height, $keepRatio);
     }