Users must have perm to create albums and batch process files Users must have perm to create albums and batch process files
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Users must have perm to create albums and batch process files

Started by forte, July 31, 2006, 09:52:58 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

forte

I have great problem on my site.

Lately we used 1.38 version of coppermine.
We have a group, called "reporters". They was able to create albums in any category, upload files throgh FTP, and batch'em.

Now i did upgrade to last stable Coppermine. What we have?
No one can't create new albums. Just user albums.
Also there's no ability to batch process files. But that is our primary requirement for gallery software.

That's completly not what i expected to see.
We have huge amount of photos every week. Like 10 new albums from different events. I can't create every album by myself, look at every photo to approve it. It must be on reporters responsabilty.

I have looked around in settings, permissions, topics on this forum.
What can i do to make all work as expected?

Also, i want to join gallery with SMF 1.1rc2 in nearest time. So if i must use hacks to imitate lost functionality - they must work with bridge.

Thanks in advance. Hope we will be able to use this software in future..

Joachim Müller

Quote from: forte on July 31, 2006, 09:52:58 AM
Lately we used 1.38 version of coppermine.
Such a version doesn't exist (and never has). Post a link to your coppermine-driven gallery to let use judge by ourselves.

Quote from: forte on July 31, 2006, 09:52:58 AM
We have a group, called "reporters". They was able to create albums in any category, upload files throgh FTP, and batch'em.
Creating public categories and batch-adding are admin-only features. To allow a certain group of users to do so, you'll have to make them admin, which is not recommended at all, since they will have full control over the entire gallery and therefor can ruin your site just with a few clicks. This has been the case for all coppermine versions ever, so if those users did have the privileges to batch-add, they must have been admins in the past. Maybe you used a hack for a previous version to hide other admin controls from them (only visually, not technically). Anyway: granting them FTP access is the real show-stopper, you shouldn't do so unless you trust those users 100% (not only in terms of "trust that they won't misbehave intentionally", but also in terms of "trust that they know what they're doing").
Bottom line: if you have applied a hack/workaround for previous versions, you will of course have to re-apply your custom hack to your sources after upgrading.

forte

sorry, it was 1.3.3.

They have their own logins for ftp, and they was our regular reporters, not big amount of users.
Also, we have general backup of DB and hdd contents, this is granted by our hoster.

Reporters could make new albums in any category previously created by admin. And after upload from FTP - batch new files.

Joachim Müller

Quote from: GauGau on July 31, 2006, 10:13:20 AM
Post a link to your coppermine-driven gallery to let use judge by ourselves.
Did you actually bother to read my reply? You'll have to make them admins to enable them to batch-add and create public categories/albums. Period. Has been the case in cpg1.3.x. Stayed the same in cpg1.4.x. What's the actual question?


forte

They wasn't admin before. We had installed 1.33 without any hacks. Version from this site.

forte

So, my users are not able to create albums in admin-created categories?

Nibbler


forte

Is there any hack to make'it possible???
I see, that gallery is useless if not.

Joachim Müller

Look, I told you before that the ability to create albums within public categories is an admin-only feature. This has always been the case, in all Coppermine versions that ever existed. This has therefor been the case for your previous version as well, so I'm not sure why you insist on this. To answer your question: no, there's no workaround nor hack available. If this is a show stopper for you, then you can't use coppermine (going back to your previous version is not an option either, as it didn't come with that feature neither). However, your users will be able to create personal albums within their user galleries if you allow them to do so.

forte

i found what was that.
all users in group "reporter" has similar rights to admin. =\
don't know how that was enabled, and don't know why i loose this setting while updating.

Joachim Müller

That's what I told you - they must have had admin rights.

forte

let's think how we can avoid giving users admin permission.
i think i can make a mod, that will allow admin move any user gallery to any admin's category.
is it possible in your software structure?
so they will use there own 'pool', and albums will move after my validation to general view.
what i must take into account, if it's possible?

Joachim Müller

Anything is possible if you code it. Might be a bit hard for you though, as what you request has been asked in the past many times over, and many wannabe-coders have failed to accomplish this. All they have basically come up with is some "security by obscurity" stuff - they hid the admin controls for the privileged users, who remained admins and would have been able to do whatever they pleased when going manually to the admin pages.