don't let users edit their own albums don't let users edit their own albums
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

don't let users edit their own albums

Started by cryptk, August 10, 2009, 01:22:19 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

cryptk

So I am setting up a website for a professional photographer.  I am using coppermine in order to set up a shopping cart where her clients can select what pictures they want to purchase and in what sizes.  What I want to do is have each client have their own username/password and when they log in their personal album is pre-loaded with all of their pictures for them to choose from.

The issue I am running into is I want to somehow restrict them from being able to create new personal albums, upload new pictures to their album etc.


Any ideas?


The URL to the copermine install is www.photoarj.com/cpg

phill104

It is a mistake to think you can solve any major problems just with potatoes.

cryptk

I did read the manual (before I made this post) and didn't find how to accomplish what I want in there.  Perhaps I wasn't completely clear on what I am trying to do so I will try to explain better.

If I disable their personal gallery it also removes their link an access to their personal gallery.  I want them to be able to see the gallery and the pictures in it, I just don't want them to be able to create any new albums, upload new photos, delete photos, delete albums.

I need them to still have a personal gallery, jsut have it be "read-only" so to speak.

so any more ideas?


Just to ease your mind, I again reviewed that section of the manual and can't find how to accomplish what I need there.

cryptk

On a side note I have found the plugin Delete Control which removes users ability to delete things, but they can still modify their album names etc.  I just need a way to get rid of the other buttons within their personal album.  Attached is a picture to illustrate what I am after.

I need to get rid of the Properties and Edit Files buttons next to the album names as well as the four buttons above it.

I hope this clarifies for you what I need.

Joachim Müller

That's all nonsense: existing personal albums don't go away if you disallow the user to have personal albums. All you need to do is disallow registered users to have personal albums, so the buttons to create and edit their existing uploads will go away. So how do the get there in the first place? Well, the users need to be members of a group that is allowed to have personal albums first and later they become members of a group that is not allowed to have personal albums. This being said, you create a custom group (again in the groups control panel) that is named "Uploaders". Allow that group to have personal galleries.
Then create a new user account for a new customer. As you have created that account (as an admin) you know the access data (user name and password). While being logged in as admin, make that user a member of the "Uploaders" group. This move makes the user able to upload. You then log in using that user account (preferably using a different browser on the same machine, so you don't have to swap back and forth from being logged on as admin and as user) and upload what needs to be uploaded to that user's personal gallery. Additionally, go to the properties of the albums you created as that user and change access permissions to "me only" if you only want that user to be able to access his album and nobody else (except you as admin). This is usually being done if you make sure that the privacy of your customer's shots is not being invaded, but setting album access permissions to "me only" on the album properties is not needed to make the technology working that I just explained.
Finally, after all uploads are complete, log in as admin once more (or use the session in the other browser that you still have open if you heeded my advice from above to use two different browsers) and remove the user from the custom group "Uploaders", so he's only a member of the default group "Registered", which doesn't have permission to create new personal albums nor to edit existing personal albums. However, the registered group still has permissions to access the personal album that belongs to that account.

cryptk

Thank you very much, I will definitely give that a shot.  You were much more helpful than someone else in this thread... not to name any names... cough cough...

Quote from: Phill Luckhurst on August 10, 2009, 01:47:51 AM
Yep, read the manual.

http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#group_cp

Joachim Müller

Not a bright idea to blame other supporters. You have zero reputation here. Phill is a fellow dev and has proven his skills as well as his friendliness many times over.
Your attitude won't get you far.

cryptk

I didn't mean that as me calling him names... I just found it odd that his recommendation was to RTFM when the answer to my question wasn't even in there...  I didn't mean any harm by it, I just don't like the attitude of telling everyone to RTFM (and this is coming from someone that works in the support field).  Didn't mean any offense to him and I am sure he is a great guy, maybe he was just having a bad day.

Joachim Müller

Let it end, will you?
Instead, please resolve this thread as per board rules: you said in your previous posting
Quote from: cryptk on August 11, 2009, 05:45:19 AMI will definitely give that a shot
, so the question is wether everything worked out as expected.

cryptk

Quote from: Joachim Müller on August 13, 2009, 01:06:39 PM
Let it end, will you?
Instead, please resolve this thread as per board rules: you said in your previous posting, so the question is wether everything worked out as expected.

Sorry I have been really busy with my other job (USAF) but I am going to give it a shot now and I will let you know ;)

I really didn't mean anything by it btw, the last one was an apology, but I can see where it could have come off wrong so to make it formal, I didn't mean anything negative and I apologize if my comments were taken the wrong way.  I am going to edit that post to remove the "questionable content".

cryptk

alright, seems like it works, I did have to make one change though.  Because of the number of images that I am uploading per album (sometimes hundreds) I REQUIRED batch uploading.  I made the clients user account, set them as an administrator, uploaded their images using the batch uploader to their personal album(s) then I changed them back to just registered.  After all is set and done, I give them a randomly generated password and email them their login info (AFTER I remove their admin rights).

This works well for me, I need to make some changed to the theme to make things look a little more like I want them but other than that it is working great, thanks for the advice!  and marking as solved.