Edit but no delete permission (to user) in public albums? Edit but no delete permission (to user) in public albums?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Edit but no delete permission (to user) in public albums?

Started by cgc0202, June 07, 2006, 08:05:53 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

cgc0202

Hi,

I  believe (???) I found a mod awhile back where a user may post pic in a public album, but instead of the standard option -- activated by the Admin through the Config -- where the user may be allowed to edit and delete his/her submission(s); the  "edit but not delete" mod will allow the user to edit attributes of the photos (s)he submitted but not give permission to the user to  delete the photo itself.

I lost the link, unfortunately -- assuming of course I am not projecting my wishful thinking as reality *smiles* -- and now I cannot find such link in the permissions forum categories (1.4 and mods sections).  Instead, right now what I found only is the delete permissions:

http://forum.coppermine-gallery.net/index.php?topic=12074.0

So, I wonder now  if such a thread has been created, rather than a figment of my imagination.

cgc0202

Joachim Müller

This is a two-step process: you remove the delete option from the user's hands, and you make sure that users can't run the delete command in delete.php.
Edit displayimage.php, find  if ((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC_DATA['owner_id'] == USER_ID && USER_ID != 0) || GALLERY_ADMIN_MODE) {
    $picmenu .= <<<EOT
     <a href="javascript:;" onclick="return MM_openBrWindow('picEditor.php?id={$CURRENT_PIC_DATA['pid']}','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')" class="admin_menu" >{$lang_display_image_php['crop_pic']}</a> <a href="editOnePic.php?id={$CURRENT_PIC_DATA['pid']}&amp;what=picture"  class="admin_menu">{$lang_display_image_php['edit_pic']}</a> <a href="delete.php?id={$CURRENT_PIC_DATA['pid']}&amp;what=picture"  class="admin_menu" onclick="return confirm('{$lang_display_image_php['confirm_del']}'); return false; ">{$lang_display_image_php['del_pic']}</a>
EOT;
  }
and replace with  if (GALLERY_ADMIN_MODE) {
    $picmenu .= <<<EOT
     <a href="javascript:;" onclick="return MM_openBrWindow('picEditor.php?id={$CURRENT_PIC_DATA['pid']}','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')" class="admin_menu" >{$lang_display_image_php['crop_pic']}</a> <a href="editOnePic.php?id={$CURRENT_PIC_DATA['pid']}&amp;what=picture"  class="admin_menu">{$lang_display_image_php['edit_pic']}</a> <a href="delete.php?id={$CURRENT_PIC_DATA['pid']}&amp;what=picture"  class="admin_menu" onclick="return confirm('{$lang_display_image_php['confirm_del']}'); return false; ">{$lang_display_image_php['del_pic']}</a>
EOT;
  } elseif ((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC_DATA['owner_id'] == USER_ID && USER_ID != 0)) {
    $picmenu .= <<<EOT
     <a href="javascript:;" onclick="return MM_openBrWindow('picEditor.php?id={$CURRENT_PIC_DATA['pid']}','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')" class="admin_menu" >{$lang_display_image_php['crop_pic']}</a> <a href="editOnePic.php?id={$CURRENT_PIC_DATA['pid']}&amp;what=picture"  class="admin_menu">{$lang_display_image_php['edit_pic']}</a>
EOT;
  }
- this will take care of step one.
If you're paranoid, go to step two and find out where you have to modify delete.php. You get the idea...

Paver

Joachim's code suggestion reminds me of a possibly useful plugin.

For some reason, it escaped me until he wrote it out.

I think this plugin works for all albums, not just user galleries.  If so, please post on the plugin thread saying so as a "report", so others may benefit from this knowledge.

cgc0202

Thanks very much Gaugau, Paver:

Yes, this is what I have been looking for.   

Quote from: GauGau on June 07, 2006, 09:00:31 AM
This is a two-step process: you remove the delete option from the user's hands, and you make sure that users can't run the delete command in delete.php.
Edit displayimage.php, ...

I will try your script in one of my test galleries Gaugau, once I finished the skeleton of the multiple galleries. 

Quote from: GauGau on June 07, 2006, 09:00:31 AM
...- this will take care of step one. If you're paranoid, go to step two and find out where you have to modify delete.php. You get the idea...

Just for the record, it is not so much paranoia.  Rather, this very useful feature is related to the  other interrelated threads that Paver and I have been discussing involving multiplegalleries and large archives.  Even unintentional deletion of photos through a single album can wreak havoc in the unconventional "multigalleries" format that I am exploring.

However, even in a simple gallery, I consider this is a very important permissions feature because  I think it allows the activation of the feature "Allow users to retain control over their pics in public galleries" in the Configuration -- without pics that were already selected to be included in the permanent archives to be deleted.  At least, from the  perspective of developing a collaborative photogallery website, the combination of the aforementioned Edit but no delete permissions optimizes the participation of as many users without essentially conceding "full administrative" permissions to individual photos.

Paver, it is the thread you linked  above that I was looking for.  I thought it was a mod and so I was concentrating in the permissions mods section and the permissions section in v1.4x.  Again, it was most likely burried in the "delete" search I used but not included in the list of  more specific search I have tried, and so I missed it.

However, when I first read it, the link you provided above stated: 

Quote from: Paver on March 13, 2006, 08:29:45 PM
This plugin was commissioned and funded by CD69; the history is in this thread.

This plugin removes the ability for users to delete photos and albums from their user galleries.  The buttons & checkboxes are gone, and just in case some user becomes enterprising, the processing of the delete functions has been disabled....

and so I thought it would not work for public albums and have not explored its use when I first read about it.  Now, in your post above you stated:

Quote from: Paver on June 07, 2006, 09:19:08 AM
I think this plugin works for all albums, not just user galleries. 

That would indeed be quite powerful, if either or both are for all albums -- but when I reread your post above Paver, I think you might be  referring more to Gaugau's script rather than the plugin from the other thread you linked above?  I will try it in one of the test galleries, once I have completed the other multiplegalleries.

Quote from: Paver on June 07, 2006, 09:19:08 AM
... If so, please post on the plugin thread saying so as a "report", so others may benefit from this knowledge.

I am not sure who you are addressing in this, Paver.  I assume it is Gaugau, for his script?

Thanks again to both of you.

cgc0202


Paver

Quote from: cgc0202 on June 07, 2006, 10:31:28 AM
However, even in a simple gallery, I consider this is a very important permissions feature because  I think it allows the activation of the feature "Allow users to retain control over their pics in public galleries" in the Configuration -- without pics that were already selected to be included in the permanent archives to be deleted. 
A note here: more granular permissions are being considered for future versions of Coppermine; it's one of the most requested features.  However it requires an overhaul of the permissions system to not only implement such permissions, but also to administer such permissions.  As such, there is no saying when such a system will be available.

Quoteand so I thought it would not work for public albums ...
I just checked.  The "Delete Control" plugin works for all delete buttons, in user galleries or in public galleries.  It's "dumb", so it just removes any delete buttons it finds.  Only administrators will see the delete buttons.  So if you set the option "Allow users to retain control over their pics in public galleries" and install this plugin, then you now effectively have "Allow users to edit their pics in public galleries", with no delete permission.  My plugin is basically a plugin version of the code GauGau posted, including his suggestion for step #2.

QuoteI am not sure who you are addressing in this, Paver.  I assume it is Gaugau, for his script?
No, I was referring to the plugin.  I'll post the information in the plugin thread, so others will know that it works in all cases.

QuoteThanks again to both of you.
You're welcome.

A last note, this plugin is also "dumb" in that it just removes all delete buttons when installed, and of course doesn't when not installed.  It would be relatively easy to make a group selection panel to select which groups lose their delete control and which don't.  I already did such a thing for the plugin "Full-Size Photos Access Control", so I can copy that code and be done with it.  It's on my list of things to do.

cgc0202

Thanks Paver,
Quote from: Paver on June 07, 2006, 03:52:15 PM
A note here: more granular permissions are being considered for future versions of Coppermine; it's one of the most requested features.  However it requires an overhaul of the permissions system to not only implement such permissions, but also to administer such permissions.  As such, there is no saying when such a system will be available.
Yes, Abbas also did mention about the difficulty and complexity of the granulation of the permissions. This will be  a welcome development for future versions.

Quote from: Paver on June 07, 2006, 03:52:15 PM
I just checked.  The "Delete Control" plugin works for all delete buttons, in user galleries or in public galleries.  It's "dumb", so it just removes any delete buttons it finds.  Only administrators will see the delete buttons.  So if you set the option "Allow users to retain control over their pics in public galleries" and install this plugin, then you now effectively have "Allow users to edit their pics in public galleries", with no delete permission.  My plugin is basically a plugin version of the code GauGau posted, including his suggestion for step
No, I was referring to the plugin.  I'll post the information in the plugin thread, so others will know that it works in all cases.
This is good news.  I will incorporate this as soon as possible.

Quote from: Paver on June 07, 2006, 03:52:15 PM
A last note, this plugin is also "dumb" in that it just removes all delete buttons when installed, and of course doesn't when not installed.  It would be relatively easy to make a group selection panel to select which groups lose their delete control and which don't.  I already did such a thing for the plugin "Full-Size Photos Access Control", so I can copy that code and be done with it.  It's on my list of things to do.
I look forward to these further developments of these features.

Thanks.

cgc0202