@cgi-caesar
Last active February 10, 2020 08:58
aMember (site.php): Restrict access to avatar image (only admin and owner can see it)
<?php
Am_Di::getInstance()->front->registerPlugin(new class extends Zend_Controller_Plugin_Abstract {
    /**
     * Restrict avatar requests to a logged-in admin or the avatar's owner.
     *
     * Only requests routed to module "default", controller "direct" with
     * plugin_id "avatar" are inspected; everything else passes untouched.
     *
     * @param Zend_Controller_Request_Abstract $request request about to be dispatched
     * @throws Am_Exception_AccessDenied when an owner was resolved and the
     *         current visitor is neither that owner nor an admin
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $isAvatarRequest = $request->getModuleName() == 'default'
            && $request->getControllerName() == 'direct'
            && $request->getParam('plugin_id') == 'avatar';
        if (!$isAvatarRequest) {
            return;
        }

        $di = Am_Di::getInstance();

        // Any authenticated admin may view every avatar.
        if ($di->authAdmin->getUser()) {
            return;
        }

        // Resolve the account the requested avatar belongs to.
        $action = $request->getActionName();
        $owner = null;
        if ($action == 'u') {
            // Action "u": the avatar is addressed by the owner's login.
            $owner = $di->userTable->findFirstByLogin($request->getParam('login'));
        } else {
            // Any other action name is read as a numeric upload_id.
            // NOTE(review): the (int) cast keeps a leading numeric prefix, so the
            // id checked here may differ from what the downstream handler parses
            // if that handler reads the action name differently - confirm.
            $uploadId = (int) $action;
            if ($uploadId) {
                $owner = $di->userTable->findFirstByAvatar($uploadId);
            }
        }

        $viewer = $di->auth->getUser();

        // NOTE(review): this check fails open. When no owner is resolved (unknown
        // login, non-numeric action, upload not attached to any user as avatar)
        // the request continues unrestricted; confirm the downstream handler or
        // the upload ACL covers those cases.
        if (!$owner) {
            return;
        }

        // The owner may view their own avatar.
        if ($viewer && $viewer->pk() == $owner->pk()) {
            return;
        }

        throw new Am_Exception_AccessDenied;
    }
});
Am_Di::getInstance()->hook->add(Am_Event::GET_UPLOAD_PREFIX_LIST, function (Am_Event $event) {
    // Upload ACL for the avatar prefix: admins get full access, while users and
    // anonymous visitors may write and read only their own uploads.
    // NOTE(review): anonymous identities keep ACCESS_WRITE here; confirm that
    // file type and size limits for this prefix are enforced elsewhere.
    $writeAndReadOwn = Am_Upload_Acl::ACCESS_WRITE | Am_Upload_Acl::ACCESS_READ_OWN;

    $accessByIdentity = [
        Am_Upload_Acl::IDENTITY_TYPE_ADMIN => Am_Upload_Acl::ACCESS_ALL,
        Am_Upload_Acl::IDENTITY_TYPE_USER => $writeAndReadOwn,
        Am_Upload_Acl::IDENTITY_TYPE_ANONYMOUS => $writeAndReadOwn,
    ];

    $event->addReturn($accessByIdentity, Am_Plugin_Avatar::UPLOAD_PREFIX);
});