can't limit upload access can't limit upload access
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

can't limit upload access

Started by jacksonpt, November 18, 2005, 09:25:51 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

jacksonpt

November 18, 2005, 09:25:51 PM Last Edit: November 18, 2005, 10:04:49 PM by Nibbler
OK, the basics:

GoDaddy hosting - Linux/php/mysql
Coppermine v 1.35
phpbb v 2.0.17
my boards: www.cycle-cny.com/phpbb
my galleries: www.cycle-cny.com/phpbb/Coppermine

I've got quite a bit of experience with phpbb, but I'm very new to coppermine.  I've got a handful of usergroups defined on my boards, each one with different access rights in the forums.

I installed coppermine and bridged it with no problems.  In the admin view under the groups tab, all my usergroups appear as they should.  I've gone down the list and turned off upload permissions for all but two groups: Admin and Members.

My goal is to setup Coppermine so all registered users can see the galleries, but only users in the Admin and Members groups can upload files and create galleries.  I thought I had everything setup properly, but the way it currently stands, anyone can create galleries and upload files to it.

What am I missing? 

Nibbler

#1
November 18, 2005, 09:30:30 PM
I think you'll find that all registered users are in the members group and so all have upload permissions. If you enable debug mode and login as various types of user you can see which groups you are in in the debug output.

jacksonpt

#2
November 18, 2005, 09:43:47 PM
In phpbb, if I look at the usergroups, and who are members of each, my Members group only has about 15 people in it.

I created a test user "Pauly" - the user has no posts, and is only a member of the Users usergroup (not in Members).  He can upload files.

I'll go into debug mode though as a double-check and see what happens

jacksonpt

#3
November 18, 2005, 09:49:45 PM
OK... here is the debug output - help me understand what it all means (i.e. what the numbers represent).

This is the output for the admin acount, who should be able to do just about everything:
Code Select

USER:
------------------
Array
(
    [ID] => a6824ed6d8a50e030be519037bd1d1e9
    [am] => 1
    [liv] => Array
        (
            [0] => 18
            [1] => 10
            [2] => 11
            [3] => 21
            [4] => 22
        )

)

==========================
USER DATA:
------------------
Array
(
    [0] => 2
    [user_id] => 2
    [1] => jacksonpt
    [user_name] => jacksonpt
    [2] => 1
    [user_level] => 1
    [groups] => Array
        (
            [0] => 1
            [1] => 2
            [2] => 8
            [3] => 9
            [4] => 10
            [5] => 101
        )

    [group_quota] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 0
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [pub_upl_need_approval] => 0
    [priv_upl_need_approval] => 0
    [upload_form_config] => 1
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [custom_user_upload] => 0
    [disk_max] => 50000
    [disk_min] => 0
    [ufc_max] => 1
    [ufc_min] => 1
    [has_admin_access] => 1
    [group_name] => Admin
    [can_see_all_albums] => 1
    [group_id] => 1
)


compared to my test account, who should only be able to view the galleries:
Code Select

USER:
------------------
Array
(
    [ID] => a6824ed6d8a50e030be519037bd1d1e9
    [am] => 1
    [liv] => Array
        (
            [0] => 18
            [1] => 10
            [2] => 11
            [3] => 21
            [4] => 22
        )

)

==========================
USER DATA:
------------------
Array
(
    [0] => 110
    [user_id] => 110
    [1] => Pauly
    [user_name] => Pauly
    [2] => 0
    [user_level] => 0
    [groups] => Array
        (
            [0] => 2
            [1] => 10
        )

    [group_quota] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 0
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [pub_upl_need_approval] => 0
    [priv_upl_need_approval] => 0
    [upload_form_config] => 1
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [custom_user_upload] => 0
    [disk_max] => 50000
    [disk_min] => 0
    [ufc_max] => 1
    [ufc_min] => 1
    [has_admin_access] => 0
    [group_name] => Members
    [can_see_all_albums] => 0
    [group_id] => 2
)

jacksonpt

#4
November 18, 2005, 09:52:18 PM
Here is a screenshot of my members usergroup - only about 1/5 of the total registered users.  And my test account (Pauly) is NOT a member.

Nibbler

#5
November 18, 2005, 09:54:47 PM
All your members are in the 'members' group in Coppermine. The fact you also have a group in phpbb named 'members' is confusing things. Make sure you are setting permissions on the right group.

jacksonpt

#6
November 18, 2005, 10:03:32 PM
Ah, ok... when I bridged to phpbb and saw the members group, I assumed it was the same group I had setup in phpbb.  I renamed that group and it has cleared things up.  Thanks.
Print
Go Up Pages1
User actions