Hack needed for additional album permissions Hack needed for additional album permissions
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Hack needed for additional album permissions

Started by lamama, August 05, 2010, 08:43:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

lamama

I fear I can't wait any longer for the long-requested but still far-out-of-sight-ability to grant more than one usergroup the permission to see an album.

That's why I want to apply a hack that allows ONE additional, 'hardcoded' usergroup to access all albums with (for example) album_id > 648.

As I don't fully yet understand how CPG manages it's permissions interenally: could anybody give me a hint where such a hack should be applied?

Thanks in advance for any kind of help!

Αndré

Which user group has access to a particular album is stored in the field visibility. Search in the Coppermine code for this word. You could change the int value to an array and check against that array while determining if the user has access or not. Finally change the drop down box to a 'multiple select box' (don't know the correct name now).

I think we can apply those changes to cpg1.5.x, as we don't need new language strings as far as I can see.

lamama

Thanks, that was the kind of hint I needed. Will take a few days until I find the time to look at it (holidays are over...).

Quote from: Αndré on August 17, 2010, 10:49:25 AM
I think we can apply those changes to cpg1.5.x, as we don't need new language strings as far as I can see.

THAT woud be really cool.


Αndré

Quote from: Αndré on August 17, 2010, 10:49:25 AM
You could change the int value to an array and check against that array
Please have a look how this is solved for additional user groups. We store them comma seperated. That's not the best solution regarding third database normal form (don't know if this is the correct English expression), but it works.