Upload permission in albums on group basis - Page 5 Upload permission in albums on group basis - Page 5
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Upload permission in albums on group basis

Started by Abbas Ali, September 08, 2006, 10:07:26 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Abbas Ali

Quote from: daverj on March 05, 2008, 01:29:28 AM
If I understand the mod correctly, then I can set Registered users to upload to albums set for them, and publishers can upload to albums set for them, but publishers would not be able to upload to the albums set for Registered users.

Is this correct?

Yes, this is correct.

Quote
If this is true, is there another way to allow anybody but guests to upload to one set of albums but only members of a certain group to upload to other albums? (everybody except guests gets to see everything)

I am afraid no. The mod only supports one group at a time.
Chief Geek at Ranium Systems

daverj

QuoteI am afraid no. The mod only supports one group at a time.

Nuts!

OK, I downloaded the mod in order to look at the code in the hopes that maybe I could modify it further to do what I need.

I noticed a couple of things that surprised me, and one that might allow me to do what I need.

1 - In modifyalb.php, in the added function "form_upload_group" it looks as if a hidden form field is created instead of the dropdown list if the Config option "Allow Private Albums" is not enabled.

-- if this is true, why? I thought that "Allow Private Albums" is an option controlling who can see albums, and that if it is turned off then all albums are publicly viewable, but that it has nothing to do with who can upload to albums.

-- I also wonder if this might explain some of the posts earlier in this thread where people installed the mod and never saw the dropbox to select the group. Perhaps they had "Allow Private Albums" turned off.

2 - in that same function it looks like users have the ability to select an upload group for the albums they create in their own user gallery.

-- This surprised me, but I guess it's a way for users to create an album (public or private) that they want other members to be able to upload to

3 - It looks like if the "upload group" field is set to "0" for an album then uploads are not restricted to a specific group and any group that is allowed public uploads would be able to upload to that album.

-- If this is true, then it solves my problem. I could make the albums in one category set this way, with the upload group field set to "0" and members of both the Registered group and the Publishers group would be able to upload to them (as well as any other group that has public uploads allowed). I could then set the upload group field in the other albums to allow only the Publishers group to upload to those albums. The result would be that Publishers can then upload to any albums in the public section and Registered users can upload only to some of those albums. If that works, it is exactly what I need.


Am I understanding these three things correctly?

Abbas Ali

Its been long time since i last looked at the mod code - so i almost forgot everything (codewise) :). I will again have to go through the code and come up with answers to your questions.
Chief Geek at Ranium Systems

daverj

If it's too much trouble, don't worry about it.

It looks like it's easy enough to install, and then remove if it won't do what I need or I can't figure out how to make the changes I need.

daverj

OK, I went ahead and installed the mod. I copied your mods into the 1.4.16 versions of those files, since there seem to be a couple of updates in some of them.

The mod works well, and looks like it will do what I need. Though I will probably make a change to it relating to my question #1 above.

The dropdown list for who can upload does have as it's first choice "Everybody (public album)". So this means that I can have some albums set to allow everybody to upload (which in my case are only two groups, Registered and Publishers), and then set some other albums so only the Publishers group can upload to them.

The only glitch for me is what I suspected in question #1 above. The dropdown list is not shown in the album settings if the gallery is configured to not allow private albums. Being new to Coppermine I don't know if there was some specific reason that you coded it that way, and there would be some issues if it was used in a gallery set up without private galleries.

Unless there is a specific reason not to, I plan to modify the code so the dropbox is shown without taking the "allow private albums" config setting into consideration.

My personal preference for this gallery is that all albums are publicly viewable, but prevent normal members from uploading to certain ones.

==========

So, to answer my own questions (in case anybody else reading this is interested for their own galleries):

#1 - Yes, the option to set upload groups is not visible in the Album Properties page if the gallery is configured with "Allow Private Albums" turned off

#2 - No, it seems I was mistaken that users would be able to set this option on their own user galleries. I'll have to go back and re-read the code I mentioned. I must have misunderstood what it was doing.

#3 - Yes, the default setting for the upload group is "Everybody" which lets you set some albums for all users to upload to and set other albums so only members of a given group can upload to them.

daverj

Well, I looked at the code again and now I see why it isn't showing up for non-admins in their user galleries, but I still have some confusion since it looks like code was added to do that and then circumvented elsewhere.

In the top of modifyalb.php is this code which makes sure that form field is only shown to admins:

if (GALLERY_ADMIN_MODE) {
  $data[] = array('Which group can upload photos', 'upload_group', 8);
}


But further down, in the function "form_upload_group" is the following code in an IF/ELSE statement:

    if (GALLERY_ADMIN_MODE) {

            .... (I removed the code here to make this post smaller) ....

    } else {
        $options = array(0 => $lang_modifyalb_php['public_alb'],
            FIRST_USER_CAT + USER_ID => $lang_modifyalb_php['me_only'],
            );
        $result = cpg_db_query("SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id IN " . USER_GROUP_SET);
        while ($group = mysql_fetch_array($result)) {
            $options[$group['group_id']] = sprintf($lang_modifyalb_php['groupp_only'], $group['group_name']);
        } // while
    }


That's the part that confused me, and I mentioned in question #2 above. It seems to create that dropbox for non-admins in the album settings for private galleries. When I discovered the other code up above that only adds that dropbox to the page when in Admin Mode, I understand now why I didn't see the dropbox while logged in as a regular user with a private album. But it's still confusing why the code shown above exists at all since it will never be used.

There was also some commented out code above it in the section used to create the field for admins, so I am kind of guessing that while you were creating this mod you had this feature in mind, but then disabled it and never removed the extra code.

daverj

I guess new members here can't modify their own posts.

I forgot to add to the above post that just above the IF/ELSE block I quoted (the second block of code on the previous post) is the statement that is preventing this form field from showing up on sites that have "allow private albums" turned off:

    if (!$CONFIG['allow_private_albums']) {
        echo '        <input type="hidden" name="' . $name . '" value="0" />' . "\n";
        return;
    }


luigi72

Hi.

I have installed  Coppermine Photo Gallery 1.4.18 (stable). I would like to modify permissions for registered users in categories or galleries, that users can create their private albums (and they can upload their files, photos, albums). How can I modify that or what and where to modify?

Thanks for quickly answer.

Hein Traag


luigi72

Sorry, but ver.1.4.19 is "only" a security update and not for modify permissions... Or I mislead?

Joachim Müller

Do not try to discuss the need to update here. Just do as suggested and upgrade!

luigi72

Hi,

I have a second problem.

I am the administrator for my coppermine gallery. With categories i have not problem, but with albums I have a big problem. If I want create new album into the categorie and when I push the albums button, he write me a mystake "You have not permissions". What can be bad?

Thanks for quickly answer.

Sorry for my english  :(

luigi72

This category is not public (is not for all users, is just for me).

Abbas Ali

By albums button you mean "Albums" menu in top admin menu?
Chief Geek at Ranium Systems


Abbas Ali

Enable debug mode and see on what line the error is coming. Also attach your albmgr.php file to this thread.
Chief Geek at Ranium Systems

luigi72

#96
Hi,

the error is (in slovak language):

Súbor: /domains1/gh290100/public/www_root/galeria/albmgr.php - Riadok: 348
(File: /domains1/gh290100/public/www_root/galeria/albmgr.php - Line: 348)

Info for coppermine support:

USER:
------------------
Array
(
    [ID] => d565d3d72921b3aed7b7aa85e7dadd5b
    [am] => 1
    [lang] => slovak
    [liv] => Array
        (
        )

)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 1
    [user_name] => ********
    [groups] => Array
        (
            [0] => 1
        )

    [disk_max] => 0
    [disk_min] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [ufc_max] => 3
    [ufc_min] => 3
    [custom_user_upload] => 0
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 1
    [pub_upl_need_approval] => 0
    [priv_upl_need_approval] => 0
    [group_name] => Administrators
    [upload_form_config] => 3
    [group_quota] => 0
    [can_see_all_albums] => 1
    [group_id] => 1
)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content, player FROM cpg14x_filetypes; (0s)
    [1] => select * from cpg14x_plugins order by priority asc; (0s)
    [2] => delete from `gh290102db`.cpg14x_sessions where time<1228206323 and remember=0; (0s)
    [3] => delete from `gh290102db`.cpg14x_sessions where time<1227000323; (0s)
    [4] => select user_id from `gh290102db`.cpg14x_sessions where session_id = '87ae45617e32965588d43cdae37c1e69' (0s)
    [5] => select user_id as id, user_password as password from `gh290102db`.cpg14x_users where user_id=1 (0s)
    [6] => SELECT u.user_id AS id, u.user_name AS username, u.user_password AS password, u.user_group+100 AS group_id FROM `gh290102db`.cpg14x_users AS u INNER JOIN `gh290102db`.cpg14x_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='1' (0s)
    [7] => SELECT user_group_list FROM `gh290102db`.cpg14x_users AS u WHERE user_id='1' and user_group_list <> ''; (0s)
    [8] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg14x_usergroups WHERE group_id in (1) (0s)
    [9] => SELECT group_name FROM  cpg14x_usergroups WHERE group_id= 1 (0s)
    [10] => update `gh290102db`.cpg14x_sessions set time='1228209923' where session_id = '87ae45617e32965588d43cdae37c1e69' (0s)
    [11] => SELECT user_favpics FROM cpg14x_favpics WHERE user_id = 1 (0s)
    [12] => DELETE FROM cpg14x_banned WHERE expiry < '2008-12-02 11:25:23' (0s)
    [13] => SELECT * FROM cpg14x_banned WHERE (ip_addr='84.47.83.35' OR ip_addr='84.47.83.35' OR user_id=1) AND brute_force=0 (0s)
    [14] => SELECT COUNT(*) FROM cpg14x_pictures WHERE approved = 'NO' (0s)
)

==========================
GET :
------------------
Array
(
    [cat] => 0
)

==========================
POST :
------------------
Array
(
)

==========================
VERSION INFO :
------------------
PHP version: 5.2.4 - OK
------------------
mySQL version: 5.0.45
------------------
Coppermine version: 1.4.18(stable)
==========================
Module: GD
------------------
GD Version: bundled (2.0.34 compatible)
FreeType Support: 1
FreeType Linkage: with freetype
T1Lib Support:
GIF Read Support: 1
GIF Create Support: 1
JPG Support: 1
PNG Support: 1
WBMP Support: 1
XPM Support:
XBM Support: 1
JIS-mapped Japanese Font Support:

==========================
Module: mysql
------------------
MySQL Supportenabled
Active Persistent Links 0
Active Links 1
Client API version 5.0.45
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_INCLUDE -I/usr/local/mysql/include/mysql
MYSQL_LIBS -L/usr/local/mysql/lib/mysql -lmysqlclient 
==========================
Module: zlib
------------------
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3
==========================
Server restrictions (safe mode)?
------------------
Directive | Local Value | Master Value
safe_mode | On | On
safe_mode_exec_dir | no value | no value
safe_mode_gid | Off | Off
safe_mode_include_dir | no value | no value
safe_mode_exec_dir | no value | no value
sql.safe_mode | Off | Off
disable_functions | exec, system, pXhpinfo, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate,shell_exec,popen,dl | exec, system, pXhpinfo, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate,shell_exec,popen,dl
file_uploads | On | On
include_path | . | .
open_basedir | /domains/ironmuscle.sk/public:/domains1/gh290100/public:/tmp | /domains:/domains1:/tmp
==========================
email
------------------
Directive | Local Value | Master Value
sendmail_from | no value | no value
sendmail_path | /usr/sbin/sendmail -t -i  | /usr/sbin/sendmail -t -i
SMTP | localhost | localhost
smtp_port | 25 | 25
==========================
Size and Time
------------------
Directive | Local Value | Master Value
max_execution_time | 5 | 5
max_input_time | 60 | 60
upload_max_filesize | 2M | 2M
post_max_size | 8M | 8M
==========================
Page generated in 0.133 seconds - 15 queries in 0 seconds - Album set : ; Meta set: ;

luigi72


Abbas Ali

I see that you have modified albmgr.php (out of the requirements of this mod). You have replaced some important code around line 348 which is causing the error.
Chief Geek at Ranium Systems

mahdi1234

Hi Abbas,

do you think this could be extended to prevent users from commenting in particular album? Same rules would apply i.e. user group can upload/comment or cannot do that.

thanks,
mahdi