Summary | Password protected galleries |
Queue | Ansel |
Type | Enhancement |
State | Resolved |
Priority | 1. Low |
Owners | mrubinsk (at) horde (dot) org |
Requester | duck (at) obala (dot) net |
Created | 03/08/2008 (6346 days ago) |
Due | |
Updated | 12/24/2008 (6055 days ago) |
Assigned | 12/14/2008 (6065 days ago) |
Resolved | 12/22/2008 (6057 days ago) |
Milestone | 1 |
Patch | No |
maybe is more logic to have this attribute with other gallery
proprieties. But we must allow to set the password only to the
gallery owner.
field if the current user is not the owner. I really don't see the
issue here though. The only other people that would see this form
other than the owner are admins - and admins can see the password
protected galleries without knowing the password anyway.
My initial page comes with a special password property page. Yes,
maybe is more logic to have this attribute with other gallery
proprieties. But we must allow to set the password only to the gallery
owner.
State ⇒ Resolved
gallery thumbnails, but it's no longer a 1.0 showstopper.
http://cvs.horde.org/diff.php/ansel/templates/group/category.inc?rt=horde&r1=1.16&r2=1.17&ty=u
http://cvs.horde.org/diff.php/ansel/templates/group/owner.inc?rt=horde&r1=1.26&r2=1.27&ty=u
http://cvs.horde.org/diff.php/ansel/disclamer.php?rt=horde&r1=1.3&r2=1.3.2.1&ty=u
http://cvs.horde.org/diff.php/ansel/gallery.php?rt=horde&r1=1.136.2.4&r2=1.136.2.5&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Ansel.php?rt=horde&r1=1.517.2.30&r2=1.517.2.31&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Block/gallery.php?rt=horde&r1=1.45.2.2&r2=1.45.2.3&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Block/random_photo.php?rt=horde&r1=1.35&r2=1.35.2.1&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Block/recently_added.php?rt=horde&r1=1.37.2.2&r2=1.37.2.3&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Tile/Gallery.php?rt=horde&r1=1.36&r2=1.36.2.1&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/EmbeddedRenderers/Mini.php?rt=horde&r1=1.8.2.2&r2=1.8.2.3&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/Gallery.php?rt=horde&r1=1.119.2.2&r2=1.119.2.3&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/Image.php?rt=horde&r1=1.68.2.4&r2=1.68.2.5&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/Slideshow.php?rt=horde&r1=1.10.2.1&r2=1.10.2.2&ty=u
http://cvs.horde.org/diff.php/ansel/templates/gallery/gallery.inc?rt=horde&r1=1.57.2.4&r2=1.57.2.5&ty=u
http://cvs.horde.org/diff.php/ansel/gallery.php?rt=horde&r1=1.140&r2=1.141&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Ansel.php?rt=horde&r1=1.560&r2=1.561&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Block/gallery.php?rt=horde&r1=1.47&r2=1.48&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Block/random_photo.php?rt=horde&r1=1.35&r2=1.36&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Block/recently_added.php?rt=horde&r1=1.39&r2=1.40&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Tile/Gallery.php?rt=horde&r1=1.36&r2=1.37&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/EmbeddedRenderers/Mini.php?rt=horde&r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/Gallery.php?rt=horde&r1=1.123&r2=1.124&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/Image.php?rt=horde&r1=1.73&r2=1.74&ty=u
http://cvs.horde.org/diff.php/ansel/lib/Views/Slideshow.php?rt=horde&r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/co.php/ansel/protect.php?rt=horde&r=1.1
http://cvs.horde.org/diff.php/ansel/templates/gallery/gallery.inc?rt=horde&r1=1.61&r2=1.62&ty=u
Milestone ⇒ 1
State ⇒ Assigned
recent changes.
The main issue I had with how this - and the gallery age requirement -
is currently implemented is that there needs to be various checks
sprinkled around Ansel to check these things. We query by permissions
to get the gallery list, then on top of that, we have to double check
other types of permissions in various places to be sure the person is
old enough, the gallery has a password etc...
I remember trying (unsuccessfully) to centralize everything at one
point, but I don't remember the exact issues off hand. I'll look at
it again, but to honest, it's going to be towards the bottom of my list.
State ⇒ Feedback
Taken from Michael Rubinsky
State ⇒ Stalled
I'm looking forward to seeing the facial recognition once it's fully
implemented
repository where I gone much forward with face recognition and face
bitmap search (finds similarities) and even some more optimizations.
But is difficult to me to create a ticket for every single changes I
made. I wish to make Ansel feature and optimization capable for my
site till the end of the month. I will stay tuned, but I will probably
wait with patches till I finish, or maybe even till Ansel is branched
for php5.
All my patches are created against the cvs snapshot of the day the
patch is created. Problems my occur as things changes till the patch
is revisioned.
changes went as the patch didn't apply cleanly...maybe a fresh patch
against current HEAD would help if this seems to be working for you.
1) DB Syntax error when saving new galleries
2) Password and Tags fields are already filled in with values from
somewhere when creating a new gallery
3) After entering password from the protect form, a "no gallery
specified' error is still returned.
4) Images from password protected galleries are still shown in the
mini thumbnails of gallery groups and the image titles are still shown
in the blocks. If a gallery is not accessible, you shouldn't be able
to even read the titles, file names etc...
5) Image for locked galleries not included in patch
6) Passwords stored in plaintext
New Attachment: ansel-passwd[1].diff
- added hasPasswd() method to tell if the gallery has passwd and the
user has not entered it yet
- added gallery-locked.png to as thumbnails for locked images
Now we check if the gallery is locked by password in
Ansel_View_Abstract and various blocks.
- added hasPasswd() method to tell if the gallery has passwd and the
user has not entered it yet
- added gallery-locked.png to as thumbnails for locked images
Now we check if the gallery is locked by password in
Ansel_View_Abstract and various blocks.
We should probably md5 them before they are stored instead of just
when we are storing them in the session.
State ⇒ Feedback
You are prevented from viewing *any* galleries in the List view if the
current grouping contains any password protected galleries that you do
not have the password for. For example, browsing all of User A's
galleries, you are *immediately* presented with a password dialog. If
you do not have the password for that gallery, you have to way of
viewing any of the rest of the grouping.
I also don't think we should show the password dialog until we
actually try to view the gallery itself. Maybe a "locked" image as
the gallery tile thumbnail should be displayed when we have not
"authenticated" to a particular gallery yet.
We also need to implement some sort of better check for things like
Ansel's blocks. Right now, images and galleries that are passwd
protected show up in the various blocks, and when you mouse over an
image, for example, the image is briefly displayed and then is
replaced by the login form in the floating div where the previewed
thumbnail should be.
I'm also not sure that a non-owner with edit permissions should be
able to change a gallery password....and if we *do* want to allow it,
there is an issue that when the password is changed and we are asked
for the new password when being redirected back to the gallery view,
after a successful "authentication", a "No gallery found" error is
returned.
Assigned to Michael Rubinsky
New Attachment: protect.php
Priority ⇒ 1. Low
State ⇒ New
New Attachment: ansel-passwd.diff
Queue ⇒ Ansel
Summary ⇒ Password protected galleries
Type ⇒ Enhancement
into the gallery hasPermission method which seem the more logic place.
If the headers are still not sent the user is redirected to the
password enter form. Otherwise returns false.