#33: Fixed an issue where by the anonymous album check did not include the album ID, thereby allowing access if other albums allowed anonymous users.

app/Policies/AlbumPolicy.php

@@ -145,7 +145,10 @@ class AlbumPolicy
         {
             $query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
                 ->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
-                ->where('permissions.id', $permission->id);
+                ->where([
+                    ['albums.id', $album->id],
+                    ['permissions.id', $permission->id]
+                ]);
 
             return $query->count() > 0;
         }