I think this is the source of the error - lines 42 - 54 of photo.tcl:
ad_require_permission $photo_id "read"
set user_id [ad_conn user_id]
set context [pa_context_bar_list $photo_id]
set root_folder_id [pa_get_root_folder]
# to move a photo need write on photo, and old parent album
# and pa_create_photo on new parent album (which is check in the is_valid block)
set old_album_id [db_string get_parent_album {}]
ad_require_permission $photo_id write
ad_require_permission $old_album_id write
Those lines are all outside of any code blocks i.e., no if statements - looks like the permissions are first checked for read (as one would expect), then checked again for write in case the user is trying to move a photo to a different album. I think the write permissions need to be in an if statement checking to see if that action is being taken - I'm just not sure where on the page that is or which flag is set to do that. Anyone else care to take a peek? I'll keep digging and drag out the old tcl manual...
