I do not want to deal with user accounts.
I am not in a high value environment where I need to strongly enforce privacy. I just want a little privacy.
I want the average random visitor to my site to be able to see most of the content without having to login.
I have Family and Friends (F&F) that I want to have access to a private area.
I use the "unpublished" feature to accomplish this.
I publish everything I want public.
I keep an unpublished album called Private for my F&F. I put sub-albums in the Private album and publish the sub-albums. I give F&F the direct link to the unpublished Private album. That way F&F have access to all of the sub-albums under Private. This seems to work well enough.
It is my understanding that after a direct link it used, that machine/browser combo can see the unpublished album without using the direct link again. So, given the above description,
one of my F&F uses the direct link to get to Private and then browse down to the album of interest. Once they close their browser and reboot their machine, I think they are able to go through the front door of the website to the gallery and they will see the unpublished Private album because they have used the direct link sometime in the past.
When I login as admin, I see everything, published or not. When I log out, I only see what is published or what I have used a direct link to.
I have visited or done work on my site from several different machines/browsers but I have forgotten what and how I accessed from where and when. I am having difficulty reestablishing an environment that looks like a random 1st time visitor to my site so that I can verify what they do/don't see.
1) Do I have an accurate understanding of the way that access to unpublished albums persists after a direct link is used?
2) Where/how is that persistence remembered and how can I reset it?
2a) Is it a cookie in the browser? If yes, what is it so I can clear it?
2c) Is it a table in the database? If yes, what is it so I can clear it?
If this is already addressed somewhere, please point me in the right direction.
May not be relevant but ...
Zenphoto version 1.4.4.1 [596740f651] (Official build)
Current locale setting: en_US.UTF8
Current gallery theme: SimpleMix (--->custom theme<---)
PHP version: 5.3.27
Graphics support: PHP GD library bundled (2.1.0 compatible)
supporting: gif, jpg, jpeg, png, bmp
PHP memory limit: 128M (Note: Your server might allocate less!)
MySQL version: 5.5.30
Thanks
Zenphoto
Comments
http://www.zenphoto.org/news/an-overview-of-zenphoto-users#rules-of-protection-and-visibility-for-zenphoto-ob
1.4.4.1 is not really the current release but it is this way since virtually for ever.
So I did have a basic misunderstanding. Thank you for clearing it up. I might have gained it from a previous product. Anyway, your answer changes my question.
I use the Zenpage plugin and I have turned on Combi-news. I use a custom theme that I wrote based on the Zenpage theme. I display the 1st 5 news items on the home page.
My gallery layout:
I publish everything I want public.
I keep an unpublished album called Private for my Friends & Family (F&F). I put sub-albums in the Private album and publish the sub-albums. I give F&F the direct link to the unpublished Private album. That way F&F have access to all of the sub-albums under Private.
I had hoped to use this as a makeshift privilege hierarchy but it appears combi-news only looks at the publish status of the album in question, not at the album's parent status. As a result, if I update a published album under an unpublished album, combi-news exposes the published new album as a news item with a direct link. This defeats the privilege hierarchy that I was hoping for.
Is my understanding of combi-news with registered albums under unregistered albums correct?
Is that the intended behavior? If it is, how do I make a change request?
Any other suggestions?
https://github.com/zenphoto/zenphoto/issues/503
So for now the album itself must be unpublished as well.
You should be able to use the private subalbums as you do know as long as these albums itself are unpublished and the images published.
I will disable combi-news and create a new article with an included album link whenever I add or update an album. That will provide a notification of the update and will be good enough for now.
I want to give all my F&F just one direct link to a hidden album. Under that single hidden album are multiple unhidden albums that are visible from inside the hidden album. Since my F&F know the direct link to the hidden album, they can see and get to the sub-albums. I do not want to give my F&F a new direct link every time I add a new album that I want hidden from the rest of the world. Unpublishing the children would force me to distribute links every time I added a new child which I don't want to do.
To implement my desire, I have one unpublished parent album and multiple published child albums.
Gallery
+ Album-1 (published, public)
+ Album-2 (published, public)
+ Album-3 (unpublished, hidden, link given to F&F)
+ Child-1 (published, only visible from Album-3)
+ Child-2 (published, only visible from Album-3)
That works as desired until I turn on combi-news. When I add or update one of the published child albums, combi-news generates a news item with a link to the updated album. My theme (as do most themes) allows navigation up to the unpublished parent album (I assume that is an intended feature). Once there, a visitor can see all of the published child albums of the hidden parent album. This bypasses the "privacy tree" I am hoping for.
I do not see this as a security bug because unpublished albums are not protected or secured, just hidden.
Having explained it, I also wonder if an unpublished parent -should- be visible from a child. For my intended use, the answer is yes but I can understand others saying no.