Index: node_images.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/node_images/node_images.module,v
retrieving revision 1.1.2.6
diff -u -r1.1.2.6 node_images.module
--- node_images.module	13 Jan 2007 14:48:55 -0000	1.1.2.6
+++ node_images.module	26 Jan 2007 00:53:26 -0000
@@ -195,6 +195,7 @@
         // use the default theme function
         $output = theme('node_images_view', $node, $teaser, $page);
       }
+
       $node->node_images = $output;
 
       $output = '<div class="node_images">'.$output.'</div>';
@@ -391,6 +392,7 @@
 function _node_images_list($node, $result) {
   $images = array();
   $form['rows'] = array('#tree' => TRUE);
+  $attributes = (node_access('delete', $node) ? array() : array('disabled' => TRUE));
 
   while ($image = db_fetch_object($result)) {
     $images[$image->id] = $image;
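Review bot: The `disabled` attribute built on the new `$attributes` line is only a display hint, and nothing in this hunk tells the next maintainer that. A browser-side attribute can be removed by the client, so the delete permission is really enforced by the `$delete_access` test in `_node_images_list_submit()`. I would add a comment above the assignment such as `// UI hint only: delete permission is enforced again in _node_images_list_submit().` As a style point, `array('disabled' => 'disabled')` gives the conventional attribute value instead of relying on how `TRUE` is cast to a string. The body of `_node_images_list()` continues past this hunk, and the attribute is used where the checkbox is built in the next hunk.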
@@ -404,9 +406,10 @@
       '#type' => 'weight',
       '#default_value' => $image->weight,
     );
-    $form['rows'][$image->id]['delete'] = array('#type' => 'checkbox');
+    $form['rows'][$image->id]['delete'] = array('#type' => 'checkbox', '#attributes' => $attributes);
   }
 
+  $form['nid'] = array('#type' => 'value', '#value' => $node->nid);
   $form['save'] = array(
     '#type' => 'submit',
     '#value' => t('Save changes'),
@@ -453,16 +456,23 @@
  * Process result from node images list.
  */
 function _node_images_list_submit($form_id, $form_values) {
+  $node = node_load($form_values['nid']);
+  if (!node_access('update', $node)) return;
+  $delete_access = node_access('delete', $node);
+
   foreach($form_values['rows'] as $id => $edit) {
-    if ($edit['delete']) {
+    if ($edit['delete'] && $delete_access) {
       // delete selected image
-      $r = db_fetch_object(db_query('SELECT filepath, thumbpath FROM {node_images} WHERE id=%d', $id));
+      $r = db_fetch_object(db_query('SELECT filepath, thumbpath FROM {node_images} WHERE id=%d AND nid=%d',
+        $id, $node->nid));
       file_delete($r->filepath);
       file_delete($r->thumbpath);
-      db_query('DELETE FROM {node_images} WHERE id=%d', $id);
-    } else {
+      db_query('DELETE FROM {node_images} WHERE id=%d AND nid=%d', $id, $node->nid);
+    }
+    else {
       // update image data
-      db_query('UPDATE {node_images} SET description="%s", weight=%d WHERE id=%d', $edit['description'], $edit['weight'], $id);
+      db_query('UPDATE {node_images} SET description="%s", weight=%d WHERE id=%d AND nid=%d',
+        $edit['description'], $edit['weight'], $id, $node->nid);
     }
   }
   drupal_set_message(t('The changes have been saved.'));
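Review bot: In the delete branch, `$r` is dereferenced without checking that the nid-scoped SELECT returned a row. An image id that does not belong to this node therefore reaches both `file_delete()` calls with empty paths; guard them with `if ($r) { file_delete($r->filepath); file_delete($r->thumbpath); }`. The result of `node_load($form_values['nid'])` is also passed to `node_access()` unchecked, so an explicit `if (!$node || !node_access('update', $node))` would make the failure path unambiguous. The bare `return;` on denial leaves no trace, and a `watchdog()` entry there would let a rejected submission show up in the logs. The function continues beyond the end of this hunk.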
@@ -538,7 +548,7 @@
 /**
  * Show node images in the node view.
  */
-function theme_node_images_view($node, $teaser, $page) {
+function theme_node_images_view($node, $teaser, $page, $format = NULL) {
   if (arg(2) == 'image_gallery' || empty($node->node_images)) return;
 
   $output = '';
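Review bot: The docblock above `theme_node_images_view()` still reads only "Show node images in the node view." and does not describe the new `$format` parameter. I would add a line such as `@param $format Optional display format; when empty, the per-type 'node_images_<view>_format_<type>' variable is used (default 'thumbs').` The related `if (!$format)` test in the following hunk treats every falsy value as "not supplied", which is worth stating in the same comment. How `$format` is consumed lies outside these hunks, so if it selects a rendering path it may be worth checking it against the known format names before use.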
@@ -548,7 +558,9 @@
   $view = ($teaser ? 'teaser' : 'body');
   $count = variable_get('node_images_'.$view.'_images_'.$node->type, 2);
   if (isset($count) && $count === 0) return;
-  $format = variable_get('node_images_'.$view.'_format_'.$node->type, 'thumbs');
+  if (!$format) {
+    $format = variable_get('node_images_'.$view.'_format_'.$node->type, 'thumbs');
+  }
   
   foreach((array)$node->node_images as $id=>$image) {
     $description = check_plain($image->description);
