User (Not Admin) definable group creation/invite/album permissions User (Not Admin) definable group creation/invite/album permissions
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

User (Not Admin) definable group creation/invite/album permissions

Started by paulaerison, November 22, 2004, 04:30:17 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

paulaerison

Have the ability for users to create thier own groups eg;
[EXAMPLE SCENARIO]

Jane wants to put up pictures of her son, John, for her family to see but she read somewhere that putting up pictures and bio information was how pedophiles searched for thier victims.

  • Jane puts up her pictures in her private gallery.
  • Jane creates a new group call "Smith Family, Somewhere ST USA" (City, State, Country are generated as part of her info when she registered)
  • Jane then sends an email with the group invite to her family back in Nowhere, ST by adding all thier email address and sending an invition to register with the board and join the group "Smith Family, Somewhere ST USA".
  • Some of the ppl she sent email to are already registered with thier email address. Rather than waste the bandwidth, coppermine just adds a notice to the users welcome page that they have been invited to a group.
  • Users then accept or decline the invitation.
  • If they decline, they could have three options.
    1) Decline THIS invitation
    2) Decline this GROUP (eg; ignore)
    3) Decline this USER (eg; ignore)

And now only the people that she invites into the group can view the pictures of her son John.

Users should also have the ability to browse groups and "request" that they be added. The group owner/moderator would then invite/decline/ignore the user.

This mod could take anywhere from 2hrs to 2 weeks depending on the level of detail and the degree of completeness and versatility.

Joachim Müller

both requests ("users can create albums in public categories" and "users can invite others to private albums") have been requested before. The first one is not available yet, but being considered for future versions of coppermine, the later will (to some extent) be realized in the current devel version of coppermine (cpg1.4.0), where a user can password-protect albums and is free to share the password with anyone he can think of.

Joachim

Casper

Quote from: GauGau on November 22, 2004, 04:36:39 PM
, where a user can password-protect albums and is free to share the password with anyone he can think of.

Actually even better than that, rather than send the password, which others may pick up, there is also the option to have a password hint in the album login page, such as 'uncle jacks last name', so you just point your family at the directory, and as long as they know the answer, can view the album.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

paulaerison

Quote from: Casper on November 22, 2004, 06:14:32 PM
Quote from: GauGau on November 22, 2004, 04:36:39 PM
, where a user can password-protect albums and is free to share the password with anyone he can think of.

Actually even better than that, rather than send the password, which others may pick up, there is also the option to have a password hint in the album login page, such as 'uncle jacks last name', so you just point your family at the directory, and as long as they know the answer, can view the album.

I still feel that the invite/decline/ignore scenario provides a greater degree of flexibility and security... Although at a MUCH greater dev cost. (500-1500 lines verses 40-75 lines)

The password hint could give a "hacker" enough to guess the pw...
The is no way to KNOW who has access
If you want to "ban" somone, you have to change the password and either re-send to everyone or change the "hint"... if it's a family member or RL group member you are trying to ban, they might pick-up on the new hint, OR, find out the information by asking somone else claiming that "you" must have forgotten to send it to them.

I feel that this may be a good "intermediate" solution to the problem, but in the long run invite/decline/ignore is a far more elegent solution befitting the expertiese of this group.


paulaerison

There is a psuedo-hack already in place... Admin creates group, admin edits user, admin adds user to group. All that's needed if for the USER to be able to do that.

add a field, owner_id
make group edit accessible to users with UID=OWNER_ID
add multiselect listbox for removing users
add inputbox for inviting users (no browse feature {privacy and all})
add inputbox for inviting NON-MEMBERS to join the board and group.
add accept/decline form for users.
add BANBOX to group edit. (multiselect listbox with remove (unban) button and input for ban by name/email)
done

would take somone that KNOWS the code (eg; a dev person) about 3-6 hrs. Or perhaps less. not sure.


paulaerison

album admin would need to be changed to allow multi-group-select like the user admin.
category admin should also be enhanced to allow for MGS like the user admin.

categories need to have OWNER_ID so that cat admins (eg, head of family/group) can add new subs/albums
albums might need some tweeking as well so as to know thier parent... but I THINK that's already in there.

if OWNER_ID = USER_ID then allow admin panel.
etc...