Permissions and groups

westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-09 21:58

For me it's a little bit unclear, how permissions should work. Or is this part far from being complete now?

If I create a new user and this user wants to upload something, user must have permissions to add (what: folder, files, comments?) in the root gallery. Because we only have groups "Everybody" and "registered users", I have to give all registered users at least the right to add. If the User wants to remove the permissions for other user from his own album, he also need the "modify" permission. If he has the modify permission, he also can remove permission from main folder (which crashes the page) and the folders of all other users.

IMHO we need at least a structure like this:

Groups: Admins, Registred Users, Everyone. And the Owner himself! (Not as a group, but in the list of people who can have permissions)
Permissions: View, View Full Size, Modify, Add
Objects (permissions on what): Folder (Album), Files (Images, Movies, other), Comments, Groups, ... (other stuff like voting, links, additional infos)
A user, who is created by admin, should start with an empty album. (Btw: I don't like to see empty albums in the gallery view.) He should own this album. Now he should be able to remove all permissions for Everyone and for Registered Users. After creating a group by himself (what means that he is the owner of the group) and add users to this new group, he can give permissions, e.g. view folder (and subfolder), view files, view and add comments...

Am I on the wrong track?

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-09 22:09

OK, I see, we will have permissions only on Albums. That's ok. But what about permissions for groups? A normal user should be able to create a group and add / remove user.

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Fri, 2009-06-12 08:31

Permissions are granted to groups on albums. Permissions *can* be fine grain but we have deliberately made them coarse to minimize the maintenance overhead for admins. Most sites do not require the amount of complexity you're describing, so while the framework supports it we're definitely not making complex permissions the default. Right now, only admins can create groups. I don't see an obvious call for letting users create groups, but I'd be happy to hear use cases.

---
Problems? Check gallery3/var/logs before you post! and file bugs here!
Latest zip: http://github.com/gallery/gallery3/zipball/master
Latest git: http://codex.gallery2.org/Gallery:Using_Git

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Mon, 2009-06-15 11:59

Well, I want to run gallery as part of a community. Like in flickr every user should be able to upload his fotos and to decide, who should be able to see them. Of course, I think to do this based on albums should be fine.

IMHO a way to give the user the possibilty to allow or disallow viewing is something like this:
Create an album for the user after user creation automatic. The user should be the owner of the album.
Now the user can remove all permissions and give permissions only for special groups. (for those groups he owns, because he has to say, who's a member of his group...) Do you see other ways to do this?

If I would give all users permissions to create albums ("modify permission" for registered users) in main gallery, they also have the ability to change permissions in other albums and in the main album too.

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Tue, 2009-06-16 03:33

We're probably not going to go that far. Groups will be site-wide in Gallery 3, not owned by individual users. You might consider creating a set of separate gallery3 instances if you want to give individual users more control.
---
Problems? Check gallery3/var/logs before you post! and file bugs here!
Latest code/upgrading: http://codex.gallery2.org/Gallery3:Upgrading
Latest git: http://codex.gallery2.org/Gallery:Using_Git

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-16 08:18

Oh - that sounds bad! So the user can not decide to show his pictures only persons he wants to? That would be definitely a showstopper for me :-(
In opposite - flickr offers the groups "friends" and "family and friends". And I can decide, which user is in MY OWN "friends" group or in my "family and friends" group. This is really good to save the privacy of the user. But I think, it would be better, if a user can create groups, and he can decide, who will become a member. Based on these groups he can give access to his albums.
Is this really hard to implement?

 
zdiva

Joined: 2007-07-18
Posts: 14
Posted: Tue, 2009-06-16 12:20

I run a family site and I was looking forward to a new G3 as the user interface of the G2 is way too complicated for our average member. But, if G3 will not have the option of user albums and all the permissions that go with it, such as create/modify/delete, than the whole G3 excersise is a futile endeavour as far as I'm concerned. Pity, because otherwise, I like the simplicity and a clean look of G3.

And, to the developers of G3 - your assumption that most of the Gallery users are the single artists/photographers showing off their work, you are WRONG! Most sites are community based with all members contributing to the contents and they must be able to create and manipulate their own albums as they see fit.

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Tue, 2009-06-16 16:56

Jeez, can you guys please use the product before you begin the wild speculation?

Gallery 3, exactly like Gallery 2, restricts group creation to admins.
Gallery 3, exactly like Gallery 2, lets admins create as many groups as they want.

We will offer user albums. We will offer user registration. The current permission model is restricted to allowing permissions per group per album. As far as I can tell, we can reproduce almost exactly the same behavior that we had in Gallery 2 except that you won't be able to grant permissions to single users or to single photos (both of which are a usability nightmare anyway) you'll have to group your users together.

@zdiva: please provide some numbers to back up your claim.
---
Problems: Check gallery3/var/logs first!
file a bug or feature request | upgrade to the latest code | use git

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-16 17:17

Hi bharat, I'm using the product in the beta release. :-) In generally I'm very impressed, but that's the reason why I have these questions ;-)
One more time: If only the admin is able to create a group - how can a user remove access to his album for everybody except for his friends?
I thought, this could be done by user created group(s) and adding users to his group? Is there another way, so please let me know.

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Tue, 2009-06-16 18:44

Sorry, I was a little grouchy earlier.

If you're a user and you own an album (ie, you created it or you have edit permissions on it) then you can do Options > Edit Permission and you have a full list of all the possible permissions / group combinations available. So you can just click the red [x] next to any groups that you don't want to be able to see it.

If I understand correctly, in your case you're saying that the site is huge and has lots of users and you want to pick a subset of those users, but there's no specific group set up for just those users. Since you can't create a group and you're not the site admin, you can't properly restrict access. It's possible to write a module to allow users to create their own groups, but that's not on our roadmap currently because we don't believe that there will be a very large userbase that has this particular need. But please feel free to file a feature request for it and we'll prioritize it accordingly.
---
Problems: Check gallery3/var/logs first!
file a bug or feature request | upgrade to the latest code | use git

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-16 20:01

No problem.
And yes, now we understand each other. I think, that indeed could be interesting for a plenty of people. If one drives a community, he will probably have this as a requirement. I will file a feature request.

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-16 20:14

Whaaa, after searching a while, I can't find a place for a feature request. Where can I do this?
http://www.urlaubszeit.de/
http://www.fitnesswelt.com/

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Tue, 2009-06-16 20:17

Oh sorry, I didn't see it in your footer. It's late ;-)

 
psch

Joined: 2009-05-27
Posts: 2
Posted: Wed, 2009-06-17 09:55

I tried the newly added feature of "Add" permission on beta 1. I think it is useful if you want a user to join while limiting him on editing other user's photos. However, I find this user with "Add" permission cannot edit or delete on his own photos. This user need to be very careful to edit the file name, IPTC description and keywords before all uploads. Otherwise, he need to request administrator to edit or delete.

I think this feature will be more useful if the "Add" permission can be made to extend a bit to include the permission on edit and delete on user's own photos. It will lessen the administrator work on edit and delete photos for careless adder. Actually, I am also a careless guy. :-)

 
appelflap

Joined: 2009-06-16
Posts: 23
Posted: Wed, 2009-06-17 21:16

I found out the same 'problem' as psch. An user with "add" permission cannot edit or delete his own photos/albums. I could not find any ticket, so I created one: {433}

 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Thu, 2009-06-18 00:10

Make an album for those users. Permissions are on the album and only the album, not individual photos. The developers have learned from G2. It creates too much overhead (either on the system or the administrators) to have permissions that finely grained. The vast majority of people never used that fine grained functionality in G2, they just applied permissions to albums. As it should be.

Try maintaining a system with 100,000s of files (I speak from experience here, not in terms of using Gallery for that, but other systems). You apply permissions to containers, not individual files. You give users access to the containers and the contents of the containers, not just individual files inside them. It makes administration much easier. What happens when (not if, but when) permissions get reset at the album level? Guess what, all those little fine grained permissions you set on all sub-items (photos and albums) gets reset, all that work lost and now people have access to stuff they shouldn't or don't have access to stuff they should.

And actually, you don't give access to individual users, you create groups, you put users in groups, you assign permissions to the groups.

Gallery is not a replacement or competition for Flickr, if you want what Flickr has to offer, use Flickr. Gallery is about "Your Photos on Your Website"

That being said, you may be able to extend G3 to do what you want. Take a look at what these guys did with G2
http://www.care2.com/c2c/photos/

Yes, that is in fact a very heavily modified version of G2 running that system. You can still see evidence of that by looking at the source:
http://www.care2.com/c2c/photos/view?g2_controller=care2:UserAlbum

One thing I just thought about. When (if) G3 has a "user albums" feature, the users could create albums of their own slicing and dicing stuff into their own categories and assigning individual users access. Sure they can't create groups and manage people with gorups, but in my experience, very, very, very few gallery installs have lots of registered users. Most have a relatively small user base and managing even several hundred users without an elaborate system is actually not hard.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
appelflap

Joined: 2009-06-16
Posts: 23
Posted: Thu, 2009-06-18 06:39

I have the feeling that it doesn't take a heavy modification to the permissions system to let a user delete a photo that has his name on it. He had the right to put it there.. but cannot change it if it has an faulty image in it. I am NOT asking for permission control for that user. Can't that be a simple check of two user id's?

 
westor

Joined: 2009-05-23
Posts: 21
Posted: Thu, 2009-06-18 06:44

@nivekiam: To refer to your last passage, I think gallery is not very well known by programmers of community software. What a pity! Gallery is IMHO the best gallery software available as open source. If gallery people would connect to the best open source community builders (that's elgg - believe me ;-) or visit http://www.elgg.org ), it would be a great enhancement for both!

From the admin's view (that's also my view as developer and owner of a new created community) some features would be necessary to use gallery as part of the community.

- sign on to gallery with the given community account. (Using only the session or craete a database entry for the user, or offer a webservice for single sign on, depends on gallery needs.)

- while the registration or while the first user request, automatic creation of a user main album (I think, that's not a big deal)

- give him the option to manage, who can view his album. I like the idea, to do this for sub albums, he can create, and with group permissions. And I like the idea, to have the user cerate his groups himself. So, imagine, he has some party images, not applicable for public viewing, but all the party people should be invited to view them.

- working diashow with more than 30 Images (I know, if I install the plugin, it works, but you can not annoy users to do that)

- nice to have, but not a must, if you could geotag the fotos, if you could allow or disallow comments and ratings or if you would be able to mark areas on image with a link to someting (e.g. a users profile)

One word to flickr. Flickr is great, but you have to pay for it. With flickr you can manage access to album, but you only have "friends" and "friends and family". This is fine enouth for many needs, (also for my needs) if the creations and management of groups is to hard to implement. Last but not least, Gallery could become better as flickr.

Torsten Wesolek
http://www.urlaubszeit.de/
http://www.fitnesswelt.com/

 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Thu, 2009-06-18 12:41

Being "community" software, is not Gallery's focus, it's your photos on your website. But G2 is very extendable and I think G3 will be as well, so you or anyone is more than welcome to create a plugin that provides the functionality you want, but it is not and will not be in the core product.

Yes you have to pay for Flickr for unlimited space, but you have to pay for web hosting.... As for the other comments about Flickr, that's where Flickr has put their focus and design desicions. You can't be everything to everyone, otherwise you end up with a huge piece of software like G2 :)

G2's development is done, complete, final. The only thing that might be released is security patches, however, we had a group comb through the code before final release so it's likely to be the last 2.3 release if nothing is found. Unless someone else gets out there and codes another module.

G3 is where all development resources are being poured into.

I hate to sound like someone on a Linux forum when you're asking for help, but if you want that functionality, code it. Either you, a small team of people, or you pay someone to write a module. But now is the time to start looking at that code and if you are absolutely unable to do what you need by extending it, then work with the development team so that possibly changes to the API and/or code base can be made to G3 to accommodate that sort of functionality.

http://gallery.menalto.com/gallery_3_begins
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Thu, 2009-06-18 18:33

+1 to what nivekiam said. We are decidedly not trying to recreate Flickr here. But we are creating an open API so that you can build stuff on top of the core product. If there's something you'd like to see, please file a ticket for it and we'll consider it. Even if we close it, the ticket will provide a place for focused discussion about it.
---
Problems: Check gallery3/var/logs first!
file a bug or feature request | upgrade to the latest code | use git