Permission to view all albums except XYZ

I'm coming from gallery2, so my mind is still in that security model. I want visitors to have to sign in to view the gallery, so I set the gallery password. That works.

I want all registered users to be able to view all albums, except a few. So I give my users the "All albums" permission. Then I set the password for the private album. The user can still view it, even without the album password. So I remove the "All albums" permission, but now the user can't sign on with their credentials, they need to use the guest credentials.

How can I mark an album as only visible by me, or me and someone else?

I'm used to access control list type permissions, so each album would have a list of who can access it:
Who can access this album:
- John
- Mary
OR
- Everyone
OR
- Registered users

Comments

  • All albums means just that. All albums. If you want them to view only some albums you will have to set those individually. You can, of course, use the "groups" features to make this simpler.

    Just make a group, say `average_users` and for that group's managed albums, check each album you wish to be visible.
  • The Managed Albums option seems to only let me assign them permission to manage top level albums. So if I have the following album structure:

    - A
      - A1
      - A2
    - B
      - B1
      - B2
      - B3

    How can I tell the system:
    "John can view all albums, except A2"

    I understand if I have to assign each album except A2 to John using the "Managed Albums" option, but the "Managed Albums" option is only showing me albums A & B, not their subalbums.
  • Album management is available only for the first level album.
  • Maybe I'll write a plugin that allows ACL type security. Otherwise I won't be able to ditch gallery2 for the time being. Thanks for the help.
  • Sounds good. You can make a filter. We can add a filter call to the isMyAlbum() function as follows:
    ```php
    function isMyAlbum($albumfolder, $action) {
        global $_zp_loggedin, $_zp_admin_album_list;
        if ($_zp_loggedin & (ADMIN_RIGHTS | MANAGE_ALL_ALBUM_RIGHTS | VIEW_ALL_RIGHTS)) {
            if ($_zp_loggedin & (ADMIN_RIGHTS | $action)) return true;
        }
        if (zp_apply_filter('check_album_credentials', false)) return true;
        if (empty($albumfolder) || $albumfolder == '/') {
            return false;
        }
        if ($_zp_loggedin & $action) {
            if (is_null($_zp_admin_album_list)) {
                getManagedAlbumList();
            }
            if (count($_zp_admin_album_list) == 0) {
                return false;
            }
            $desired_folders = explode('/', $albumfolder);
            foreach ($_zp_admin_album_list as $key => $adminalbum) { // see if it is one of the managed folders or a subfolder thereof
                $admin_folders = explode('/', $adminalbum);
                $found = true;
                foreach ($admin_folders as $level => $folder) {
                    if ($level >= count($desired_folders) || $folder != $desired_folders[$level]) {
                        $found = false;
                        break;
                    }
                }
                if ($found) {
                    return true;
                }
            }
        }
        return false;
    }
    ```
    So you can have your plugin attach that filter. Probably will need an additional database field in the long run, but you could use the custom data field for prototyping.
  • If I follow your explanation about groups, you can assign users to albums. If groups are used, do you still need to set a password for each album?

    I noticed that when users are NOT assigned to any album and do have the rights to view albums, they can view ANY album.

    Is there a way to ensure that ONLY assigned users to an album can view the album? I do not want those that are not assigned to view the album.

    If users are added to a group, do you still need to tick the checkbox for Albums under Albums Rights? From my test, ticking the box allows them to create an album.

    Also, do you need to add albums under "Managed album"? This action allows users to edit the album and images.

    Please clarify.
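
One way to express the per-album access list asked for at the top of the thread, with sub-albums inheriting from the nearest parent that has a list and albums with no list denied. This is an added example, not code from the thread or from Zenphoto; `canViewAlbum`, the `$acl` layout and the `*everyone` / `*registered` markers are assumptions. Hooking it into `check_album_credentials` is left out because the filter call shown in the thread passes no album folder.

```php
<?php
// Added example: per-album ACL lookup with inheritance. All names here
// (canViewAlbum, the $acl layout, the '*everyone' and '*registered' markers)
// are hypothetical and not part of Zenphoto.

/**
 * Decide whether $user may view $albumfolder.
 * $user is a login name, or null for an anonymous visitor.
 * The nearest folder with an ACL entry (the album itself, then each parent)
 * decides; an album with no entry anywhere up the path is denied.
 */
function canViewAlbum(string $albumfolder, ?string $user, array $acl): bool {
    $parts = array_values(array_filter(explode('/', $albumfolder), 'strlen'));
    // Reject empty paths and traversal segments instead of normalising them.
    if (!$parts || array_intersect($parts, ['.', '..'])) {
        return false;
    }
    for ($depth = count($parts); $depth > 0; $depth--) {
        $folder = implode('/', array_slice($parts, 0, $depth));
        if (!array_key_exists($folder, $acl)) {
            continue; // no entry at this level, inherit from the parent
        }
        $allowed = $acl[$folder];
        if (in_array('*everyone', $allowed, true)) {
            return true;
        }
        if ($user === null) {
            return false; // anonymous visitors only pass '*everyone'
        }
        return in_array('*registered', $allowed, true)
            || in_array($user, $allowed, true);
    }
    return false; // default deny
}

// Constructed sample data: the A/B album tree from the thread.
$acl = [
    'A'    => ['*registered'],
    'A/A2' => ['mary'],          // overrides the entry inherited from A
    'B'    => ['*everyone'],
];

foreach ([['A/A1', 'john'], ['A/A2', 'john'], ['A/A2', 'mary'],
          ['B/B3', null], ['A', null], ['C', 'john']] as [$folder, $user]) {
    printf("%-5s %-7s %s\n", $folder, $user ?? '(guest)',
        canViewAlbum($folder, $user, $acl) ? 'allow' : 'deny');
}
```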