Gallery2:Users and Permissions - Gallery Codex
Personal tools

Gallery2:Users and Permissions

From Gallery Codex

The following is a rough outline of what should be in this section of the Wiki. Please help to fill it out...

For each section below, provide a definition for each type of permission. Most important, are there any permissions unique to Site Admins that cannot be assigned to other users or groups?

Permissions

Overview of permissions in Gallery2.

Gallery2 permissions can be set up by Group and/or by User.

From the Site Admin link, you can create Users, and then if desired create a Group or Groups to add these users to their specific Groups.

For the initial explanation, assume we're just going to add a User, fill in the fields for this User and consider whether you want to "Lock" that user (prevent them from changing their own User fields).

After you have a user added/created, go to an album that you would like to have be protected from everyone else, except you (the administrator), or this specific user.

In the sidebar of the Album, select "Edit Permissions". You will see the following sections:

1. Owner

  CHANGES OWNER of this album, and has it's own check box to apply this owner change to all sub-albums if desired

2. Apply Changes

  APPLIES CHANGES of the sections below to all sub-albums (ON by default - will propagate to sub-albums)

3. Group Permissions

  DISPLAYS and allows REMOVAL of permissions currently allowed for specific Groups of Users.  For protected albums, you will probably want to initially remove all of these groups permissions except for Site Admins (which you can't remove - for good reason).

4. New Group Permission

  ADDS specific permissions for a specific Group of Users (will show up in section 3. when you get done adding)

5. User Permissions

  DISPLAYS and allows REMOVAL of permission currently allowed for specific Users.  For protected albums, you will probably want to remove all of initially remove all of these Users, except for your own User name.

6. New User Permission

  ADDS specific permissions for a specific User (will show up in section 5. when you get done adding)

Here's an example of setting an Album, such that only User "Brother Bill" can see the album (and me the administrator).

After going to desired album, and selecting "Edit Permissions" from the sidebar (you must be logged in as a user with administrator privileges to do this):

In section 3. Group Permissions, go through each Group name / permission combination, and select Remove for each Group/Permision. At the end of this process, section 3 should be empty except for Site Admins / All access.

In section 5. User Permissions, go through each User name / permission combination (EXCEPT your username), and select Remove. At the end of this process, section 5 should be empty except for your User name / All access.

Now in section 6. New User Permission, enter "Brother Bill" and for permission select "[core] View all versions" and then hit "Add Permission". This permission will now appear in section 5. for User "Brother Bill".

Repeat working in section 6. to add "Brother Bill" for permissions like: "[comment] All Access", "[cart] Add to cart", etc. until "Brother Bill" appears in section 5. with all of the desired permissions you'd like him to have.

When you're done, you can hit "Logout", to check that you can't see the album. Then try "Login" as "Brother Bill" to confirm that you can now see the album. You can then check that as "Brother Bill" you can do the things that you set up in his permissions, and ONLY the things that you gave permissions to do within that album.

With this understanding of how User permissions work, it should hopefully be apparent that if you have other family members like "Sister Sue", it would be easier to create a User, "Sister Sue", and add her to a Group "Family" (along with "Brother Bill"). Once, you've got the Group permissions set up to allow the correct things for the Group "Family", you can then easily add Users "Mom" and "Dad" to the Group "Family" and then they'll have instant access to all albums allowed by Group "Family". Setting up Group permissions, works just like setting up User permissions except that you only need to work in sections 3 and 4, and you just need to add the desired permissions *once* for the entire "Family" Group (as opposed to many times for each User, "Mom", "Dad", etc.).


Cart

Controls whether Users and/or Groups can add items to their carts (for download or printing).


Comments

Controls what Users and/or Groups can do with comments:

[comments] Add comments [comments] All access [comments] Delete comments [comments] Edit comments [comments] View comments

Core

Controls what actions Users and/or Groups can do with albums or items (photos):

[core] Add sub-album

[core] Add sub-item

[core] Add item

All access

[core] Change item permissions

[core] Delete item

[core] View item

  • Allows user to view the item's thumbnail (DERIVATIVE_TYPE_IMAGE_THUMBNAIL)
  • Sets the core.view permission internally

[core] View all versions

  • Allows user to view the item's thumbnail, original (and/or preferred), and resizes
  • Sets all of core.view, core.viewSource, and core.viewResizes permissions internally

[core] View resized version(s)

  • Allows user to view the item's resizes (DERIVATIVE_TYPE_IMAGE_RESIZE)
  • Sets the core.viewResizes permission internally
  • Also needs "View Item" set (to view a resize BOTH view.core and view.coreResizes must be set.)

[core] View original version

  • Allows user to view the item's original and/or preferred (DERIVATIVE_TYPE_IMAGE_PREFERRED)
  • Sets the core.viewSource permission internally
  • Also needs "View Item" set (to view the original or preferred BOTH view.core and view.coreSource must be set.)

Note for programmers: Several functions check core.view. Examples are GalleryCoreApi::fetchChildItemIds, GalleryCoreApi::fetchChildDataItemIds, and GalleryCoreApi::fetchChildAlbumItemIds. So, the array of child item IDs will already have core.view checked, and you know you can load the thumbnail for that item. But you should check for core.viewSource and/or core.viewResizes before loading original/preferred or resizes, respectively. GalleryCoreApi::hasItemPermission($id), GalleryCoreApi::fetchChildItemIdsWithPermission($id, 'permission.name'), and GalleryCoreApi::fetchPermissionsForItems($ids) are three methods (of several available) for checking these permissions before loading the additional images. An example follows (valid for G2 2.2.x - needs to be updated for G2 2.3):

function getAllChildImageItemsForAlbum($albumId) {
    //
    // First load the item for the albumId
    //
    list ($ret, $albumItem) =GalleryCoreApi::loadEntitiesById($albumId);
    if($ret) {
        return array ($ret, null, null, null, null);  // Exit, returning the error
    }  
    //
    // Get the child data item IDs (will only return IDs for child data items 
    // that have core.view set for the current user)
    //
    list ($ret, $childItemIds) = GalleryCoreApi::fetchChildDataItemIds($albumId);
    if($ret) {
        return array ($ret, null, null, null, null);  // Exit, returning the error
    }  
    //
    // Since we know that $childItemIds already had core.view checked,
    // we can just load the thumbnails for the entire array.
    //
    list ($ret, $thumbnailImageItems) = GalleryCoreApi::fetchThumbnailsByItemIds( $childItemIds );
    if ($ret) {
        return array ($ret, null, null, null, null);
    }
    //
    // However, we don't know if the current user has permission to see the original/preferred
    // and/or resizes for each childItemId, so we'll have to check.
    //
    // First get all of the permissions for the array of IDs.
    //
    list ($ret, $permissions) = GalleryCoreApi::fetchPermissionsForItems( $childItemIds );
    if ($ret) {
        return array ($ret, null, null, null, null);
    }
    //
    // Next build arrays of IDs that have the viewSource and viewResizes permissions
    //
    $childItemIdsSource = array ();
    $childItemIdsResizes = array ();
    foreach ($ids as $id) {
        if (isset($permissions[$id]['core.viewSource'])) {
            $childItemIdsSource[] = $id;
        }
        if (isset($permissions[$id]['core.viewResizes'])) {
            $childItemIdsResizes[] = $id;
        }
    }
    //
    // Now we can load the preferreds for the viewSource ID array
    //
    list ($ret, $fullsizeImageItems) = GalleryCoreApi::fetchPreferredsByItemIds( $childItemIdsSource );
    if ($ret) {
        return array ($ret, null, null, null);
    }
    //
    // If there was no preferred for a given ID, we need to load the original instead
    //
    foreach ($childItemIdsSource as $id) {
        if (empty($fullsizeImageItems[$id])) {
            list ($ret, $item) = GalleryCoreApi::loadEntitiesById($id);
            if ($ret) {
                return array ($ret, null, null, null);
            }
            $fullsizeImageItems[$id] = $item;
        }
    }
    //
    // Now we can load the resizes for the viewResizes ID array
    //
    list ($ret, $resizeImageItems) = GalleryCoreApi::fetchResizesByItemIds( $childItemIdsResizes );
    if ($ret) {
        return array ($ret, null, null, null);
    }
    return array($ret, $childItemIds, $thumbnailImageItems, $fullsizeImageItems, $resizeImageItems);
}

Rating

Controls what actions Users and/or Groups can do with ratings:

[rating] Add ratings

[rating] All access

[rating] View ratings


Shutterfly

Controls whether Users and/or Groups can print to shutterfly photo service:

[shutterfly] Print

Setting Permissions by User

Default User Groups: Site Admins & Everyone

Site Admins

Overview.

Detailed description of default Site Admins permissions.

Some permissions are unique to Site Admins (only users in the Site Admins group are able to obtain these permissions).


Everyone

Overview.

Detailed description of default Everyone permissions.

Adding a User Group

Setting Permissions by Group

advertisements