From c232be79eeb6e3cfb296242af0f95599fe007fdd Mon Sep 17 00:00:00 2001
From: dave
Date: Sun, 23 Sep 2018 15:37:24 -0700
Subject: [PATCH] thumb auth fix
---
 photoapp/daemon.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/photoapp/daemon.py b/photoapp/daemon.py
index 2234cd9..a0ed540 100644
--- a/photoapp/daemon.py
+++ b/photoapp/daemon.py
@@ -283,8 +283,10 @@ class ThumbnailView(object):
 uuid = uuid.split(".")[0]
 s = self.master.session()
- query = photo_auth_filter(s.query(Photo)).filter(Photo.set.has(uuid=uuid)) if item_type == "set" \
- else photo_auth_filter(s.query(Photo)).filter(Photo.uuid == uuid) if item_type == "one" \
+ query = photo_auth_filter(s.query(Photo).join(PhotoSet))
+
+ query = query.filter(Photo.set.has(uuid=uuid)) if item_type == "set" \
+ else query.filter(Photo.uuid == uuid) if item_type == "one" \
 else None
 assert query
@@ -299,8 +301,9 @@ class ThumbnailView(object):
 best = photo
 break
 thumb_from = best or first
+ print(repr(thumb_from))
 if not thumb_from:
- raise Exception("404")
+ raise cherrypy.HTTPError(404)
 # TODO some lock around calls to this based on uuid
 thumb_path = self.master.library.make_thumb(thumb_from, thumb_size)
 if thumb_path:
@@ -328,6 +331,8 @@ class DownloadView(object):
 else None # TODO set download query
 item = query.first()
+ if not item:
+ raise cherrypy.HTTPError(404)
 extra = {}
 if not preview:
 extra.update(disposition="attachement", name=os.path.basename(item.path))
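Review bot: The authorization check in the first hunk (-283) now depends on this caller remembering `.join(PhotoSet)` before passing the query to `photo_auth_filter`. The helper's body is not shown, but if it filters on PhotoSet columns, any other caller that passes a bare `s.query(Photo)` would have the same gap this commit closes. Consider performing the join inside `photo_auth_filter` so the filter cannot be applied without it, or at least state the precondition where it is called: `# photo_auth_filter requires PhotoSet to be joined on the query`. The query that DownloadView builds lies above the third hunk and is worth checking for the same omission. The ThumbnailView method starts and ends outside this hunk.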
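Review bot: The added `print(repr(thumb_from))` in the second hunk (-299) looks like leftover debugging. It runs on every thumbnail request, ahead of the not-found check, and writes the Photo repr (or `None`) to stdout, so record details end up in whatever captures the daemon's output. Remove the line; if the trace is wanted, send it through `cherrypy.log(...)` instead of stdout. The switch from `raise Exception("404")` to `raise cherrypy.HTTPError(404)` is worth keeping as written, since a missing photo and one removed by the auth filter then look the same to the client. The method body continues outside the hunk.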
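Review bot: The new `if not item:` guard in the third hunk (-328) is only reached when `query` is a real query object. The context line just above ends the conditional with `else None`, so an unrecognised item type makes `query.first()` raise AttributeError, and the request presumably ends as a server error rather than the 404 added here. Put the same response ahead of the call: `if query is None: raise cherrypy.HTTPError(404)` before `item = query.first()`. The conditional that builds `query` begins above the hunk, so which item types fall through to `None` cannot be seen from here.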