Require user security levels and access rights to images Require user security levels and access rights to images
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Require user security levels and access rights to images

Started by Beyond_Doubt, March 16, 2006, 10:27:15 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Beyond_Doubt

This is a request similar to the questions that can be found in these threads here and in here.

I have a bridged version of Coppermine into PragmaMx
Coppermine is version 1.4.4

I need to be able to assign a User Level to each and every user (selectable from Edit User screen in Admin section)
There will be 4 User Levels and they should be such that in use they grants access to images at that level, and the levels below it.
The lowest level will not be able to access the Coppermine module at all (already part of the PragmaMx setup)

(Possible all four Levels are seperate Fields in the database, each with a Yes / No option?)

When uploading an image to the gallery the uploader must be able to select the Level that he wishes to restrict access to.
For example, he uploads and selects Grade 3. Thereafter only Levels 3 and 4 can see that image.
Level 2 will see nothing. He should not be aware that an item has been loaded.
The protection must stop random guessing to the PictureID number.
Level 1 cannot see the gallery.

(A drop down box with the level selectable in upload screen?)
(A check done when viewing thumbnail albums that user Security Level => Image Level ?)

I am hoping to have this done for the end of March, and for something in the region of $50.

I have also posted this on the PragmaMx board.

Cheers!

Beyond_Doubt

It could be that the standard access control is left as it is.
You can either see the module, or you cannot.

And then an extra check is made on 3 new fields in the database.

This would probably require the least effort in coding.
1) Add three fields to User table in DB.
2) Add a three fields into the Image table in the DB.
2) Add three input boxes onto the Edit User admin screen (yes/no)
3) Add three input boxes onto the Image Upload screen (yes/no. All default to Yes giving the least protection)
4) Add a php check to see that user Security Level => Image Level

Does this seem sensible?

Beyond_Doubt

I don't wish to appear pushy, I know it's only been 4 days since I made the request...but...

I really could do with this functionallity to make the entire website viable.

I would really appreciate any considered replies, any guidance into why this is a difficult thing to tackle, or how best to achieve the desired result.

Hell, even some pointers as to which files need to be altered so I can tackle on my own (with my near-zero level of PHP knowledge) if things get really desperate :D


Here's hopin' !

Joachim Müller

When asking for support on the Pragma port it might be a good idea to start requests on their forum, as the people who usually look at this board here don't know nor understand PragmaMx, so they will shy away from your request. Please note that there is no guarantee that anyone will look into your issues at all - this board is meant to bring freelancers and customers together. Please review the sticky thread on this sub-board.