Hi,
After switching to the 1.4.2 development branch, I've found out that the handling of user rights regarding unpublished items is different now. After assuming this was a bug (ticket in trac: http://www.zenphoto.org/trac/ticket/2014 ), it now seems like this is intended behaviour.
Previously (1.4.1.x branch), I could do the following:
- Give specific users the right to view unpublished items in a specific album tree without giving them editing right to said tree. I use this for family with a login who I'd like to allow to browse all my unpublished albums
- Send album links to friends who don't have a login to view published images in an unpublished album, without them being able to browse the entire album tree
- Give edit/upload rights to album trees of their owners, so they can add new photos
With the 1.4.2, I no longer can give the right to users to view unpublished items in a specific album tree, without also giving them edit permissions! This is a major problem for my above described Zenphoto usage.
Can someone also explain what the improvement of 1.4.2 is over 1.4.1.x in this regard? Previously you could untick the 'view unpublished images' box in a specific user's album rights to prevent them from seeing unpublished images. Now this box is gone and I interpret its function having merged with the edit rights! How is this exactly not a regression in control of user rights?
Comments
BTW, the 1.4.1 branch did not really work. That was part of what prompted the change.
Like I explained in my last post, I'd like to give friends access to a single web-album without requiring passwords to view them, by giving them the direct link. My family however can see all the albums in a tree, but I don't want them to edit the tree; hence I give them viewing rights; Previously this worked fine with setting the 'view unpublished images' right. Not any more since the 1.4.2 branch.
Why was this fine grained access control removed in the 1.4.2 branch? It's a huge loss of functionality in my opinion.
The unpublished items are not shown on the website itself unless you have administration rights. This was added on user request if I am not mistaken but my colleague will have the exact info.
Like you said, I can send the direct link of unpublished items to friends, and indeed, that's part of how I use Zenphoto. What Zenphoto 1.4.1.x allowed me to do is give relatives 'viewing rights' to my album to browse my unpublished albums without giving guests (with no accounts) this ability nor giving my relatives editing rights to my album.
I'm still at a complete loss why you've removed the 'view unpublished images' access right. What did its presence prevent people from doing? If people wanted others to only view unpublished items if they had editing rights, they could always enable/disable edit rights at the same time as 'view unpublished images'. What does the changed behaviour in 1.4.2 (removal of 'view unpublished images', effects merged with editing rights) fix or add? From what I see it only removes very useful access control! Please explain why it was removed, as I'm saddened and disappointed by the lack of this option in 1.4.2.
Furthermore, I'm not the only one suffering as user 'pumrum' posted the initial ticket for this issue. I hope you will reconsider your decision if people in future ask for this (three days reaction time on changed behaviour in a development branch that knows no stable releases does not constitute 'reasonable time' in my opinion).
But let me point out that the Development branch has been around much more than three days. If you want your input to get in in time to influence things you will need to be trying the development build more often.
The feature was removed as being not worth the cost of the implementation.
'pumrum' simply did not (and apparently still does not) understand the "view" right. He seemed to think that the "view" rights had to do with unpublished items. That was never the case. I'm guessing he did not read It was only an artifact that all "users" were originally able to view unpublished items that one might have interpreted that right accordingly. It was this very behavior that was removed as documented in the release notes.
You may well say that the writing is not clear. But understand that we write based on our understandings, it is impossible to put our perspective to that of a naive user. We have often solicited someone with a user perspective to write a user guide, but I guess that is not something that will happen.
As to your request. That does not seem what ticket 2014 was about, so you still stand unique unless someone else jumps in.
@sbillard: "The feature was removed as being not worth the cost of the implementation.". I'm sorry to hear that this causes difficulty to carry over into a new branch of Zenphoto; I do think that it is indispensable for user-based access rights rather than content-based access rights in anything but the most simple of setups. This is something that will be obvious when the 1.4.2.x branch hits a stable release.
Furthermore: concluding that pumrum's issue does not coincide with mine requires the assumption that he's not familiar with the behaviour in 1.4.1.x regarding unpublished items in exactly the setup he is describing in his trac issue, and in addition to this, that he does not mind the loss of this feature whose effect he is considering as a bug. I'll respectfully beg to differ on both accounts. A safer assumption, until pumrum delights us with a clarification on his trac, is that he wants either the ability to control the right for users to view unpublished items in a managed album (like in 1.4.1.x branch), or that he would expect it to be merged with the 'view' option rather than the 'edit' option. As the latter conflicts with other usage scenarios, I'd give preference to retaining the 1.4.1.x fine-grained control.
And I'd like to reiterate what I said in my trac post: I'm here to state the effects on a usage scenario from a loss of a function in a development branch compared to the currently released branch. I'm not here to make enemies nor friends; I have no interest in politics.
I have to leave the proper answer to my colleague who does all the user rights stuff I am not even really familiar with code-wise.
At this point, I guess I can try to switch back to 1.4.1.x. However, I want to commit to ZenPhoto (which is really great!) for the long term. This is an essential functionality I need. Do you plan to continue to have it for future releases?
Thanks very much!
When it is set to public, you can already see all published items. In that case, it makes sense having 'view' right assigned to 'see unpublished items'. This would allow the user-based access management.
In 'private' mode, you want a type of user that can not see unpublished items (as indicated by the 'customer' type).
Right now, there's no reason to run a 'public' site and have the 'view' option for users without edit rights, as it changes naught to the allowed behaviour of said user.
Published vs. not published has almost always been the mechanism to keep from showing things "until they were ready". Pretty much the definition of the term. You seem to want to use it as a kind of security feature.
http://www.zenphoto.org/news/an-overview-of-zenphoto-users is the required reading for this topic. Granted a private gallery has no "public" albums in the full sense of the word. However it may have semi-public albums--that is ones which are viewable by all users regardless of their rights. An administrator may want to have users view all albums but have management rights only to a handful. It would be really excessive to make him mark each and every album in each and every user's managed album list, so the "View" right makes sense.
We believe that the viewability of unpublished items should be restricted to those that manage them (and of course, anyone who has been given the link.) We do not see it as a security feature--that is left to the user rights/guest password realm.
But you really can do what you want anyway. Remember that Zenphoto is object oriented. The getAlbums() and getImages() methods have a parameter that overrides the protection letting you retrieve unpublished items if you wish.
I have retrofit a v1.4.3 change to the 1.4.2 Release Candidate that will allow you to provide this parameter via the Template-functions `next_album()` and `next_image()` functions. That change is available in tonight's trunk build.
So if you want a user to see unpublished items simply pass `true` for the `$mine` parameter to these functions.
In theme zpArdoise, in print_album_thumb.php, I changed
```php
<?php $x = 1; while (next_album()): $lastcol = '';
```
to
```php
<?php $x = 1; while (next_album(false, NULL, NULL, true)): $lastcol = '';
```
Then I let a user log in.
The user has following rights:
* view fullimage, view albums
* view gallery, view search, post comments, comments
* managed albums
** 2011 (the album is checked, but the "edit" is unchecked)
In the 2011 album page, user still cannot see the unpublished sub-albums.
If in the user rights, I check "edit". Then the unpublished sub-albums will show up.
Does not seem to work for me.
I don't know PHP though. So I may have made some silly mistakes in above change.
This of course will depend on what the theme does. Probably the best action is to add a statement at the beginning of the script to "populate" the cache.
`$album->getImages(....)` will populate the image cache
`$obj->getAlbums(....)` will populate the subalbums.
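
An added illustration, not Zenphoto code and not written by any poster in this thread: a simplified PHP model of why passing `true` to `next_album()` can have no effect once the theme has already fetched the list, and of gating the override on the logged-in user so guests stay filtered. `ModelAlbum`, `mayBrowseUnpublished()`, the allow-list and the album names are hypothetical, and the cache-on-first-call behaviour is an assumption drawn from the last reply.

```php
<?php
// Simplified model built for illustration; none of this is Zenphoto source.
final class ModelAlbum
{
    private ?array $cache = null; // subalbum list is computed once, then reused

    /** @param array<string,bool> $subalbums name => published? (constructed data) */
    public function __construct(private array $subalbums) {}

    // $mine = true overrides the "published" filter, as the thread describes.
    public function getAlbums(bool $mine = false): array
    {
        if ($this->cache === null) {
            $this->cache = array_keys(array_filter(
                $this->subalbums,
                fn(bool $published): bool => $published || $mine
            ));
        }
        return $this->cache; // later calls ignore $mine: the first caller wins
    }
}

// Hypothetical gate: allow the override only for logged-in users on an
// allow-list, so a guest following a link never gets the unfiltered listing.
function mayBrowseUnpublished(?string $user, array $allowList): bool
{
    return $user !== null && in_array($user, $allowList, true);
}

function listing(?string $user, bool $primeCache): array
{
    $album = new ModelAlbum(['2011/summer' => true, '2011/draft' => false]);
    $mine  = mayBrowseUnpublished($user, ['aunt']);
    if ($primeCache) {
        $album->getAlbums($mine);    // start of script: populate the cache
    }
    $album->getAlbums();             // theme code that fetches without the override
    return $album->getAlbums($mine); // the loop's later call with the override
}

// Case 1: allowed user, cache not primed (override arrives after the cache is filled).
var_dump(listing('aunt', false));
// Case 2: allowed user, cache primed with the override at the start of the script.
var_dump(listing('aunt', true));
// Case 3: guest (no login), cache primed; the gate keeps the filter on.
var_dump(listing(null, true));
```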