Print

[Kasper_Rasmussen]

Is there any way to get a feature to password protect one or more galleries?

[Zarsky]

Isn't that the purpose of the group permissions?  You could also use .htaccess files if you are under apache.

[Oasis]

no no no no, I think what he means is,
password protect individual user albums...
This is useful for coppermines used as user online photo albums.
This way they users can make albums that are accessible only by people
who have the correct password, no matter what group they're in...
Even if they were unregistered.

I pointed this feature out in my previous post "A few requested features"
It was based on user feedback from 50 or so testers, and at least 4 users requested it or something similar.

[Zarsky]

oasis,

OK...I get it now...this is a good idea....There is currently a feature freeze for 1.2, but this is something we should look into for future versions.

[jack]

I don't think that this is a good idea .. this way, you woul dhave to have two authntication and two authorisation systems working together. It would be a lot of work to ensure that adding the second would not weaken the first.

A better way of doing it would be to extend the current authorisation system to allow much more flexible permissions to be applied to a gallery.

[Joachim Müller]

I guess it all boils down to enable a user to be a member in multiple groups (instead of one) or groups to be members of other groups...
This concept is widely used in other areas (e.g. operating systems) and is a conecpt users can easily adopt to.

GauGau

[jack]

Not just multiple groups per user, but also multiple allowed groups per gallery, and possibly the option of allowing or denying individual users access to a gallery. This will give a gallery owner much better control of who can access their gallery.

[wormie_dk]

With time I think a usefull feature would be category properties, so that you could allow your family to access a category called family and all albums in that category.

[Oasis]

but that means that the user can only control which "groups" can view their album... The purpose of password protecting albums, is so that the user can control access to members and visitors alike... For example, if someone has an album on my gallery site, and he decides that he is going to share this album only with a few of his friends, because there are some private photos he does not want others to see. He could give these friends a password that would let them access the album no matter what group they are in or even if they are not members.

The problem with restricting groups is that members cannot choose what groups they are in. They cannot choose who they want in the same group as them. They cannot choose which people they DON'T want in a group. All these are controlled by the gallery admin.

this way, you woul dhave to have two authntication and two authorisation systems working together. It would be a lot of work to ensure that adding the second would not weaken the first.

Actually, it's not as complicated as it seems. The first authentication system, of course, is the registration system. Users are either members or they are not. The second authentication system is the album authentication. If an album is protected, anyone wishing to see it will be asked for a password, REGARDLESS OF MEMBERSHIP! So it is just like a private album to ALL GROUPS that can only be viewed with a correct password. You know what I mean?

[joelpt]

I agree with oasis on this one.  

Adding passwords to user-albums would not weaken the existing auth system at all.  It's just an additional, optional layer of restrictiveness.  And the real power of such a setup, is that the users can set, unset, or change their album's password as they choose, without any admin intervention, and it's about as easy to do as typing in the new password.

The password setup has a specific use, and what I would call a narrow scope of "consequence".  Extending the current authentication/usergroup scheme to encompass user-albums would be quite involved and tricky, as the preceding posts in this thread already evidence.

Users can't determine who is in which of the usergroups -- without adding user-createable usergroups to the mix.  And observe also: a password actually functions as a user-created usergroup.  It's not quite as flexible to cover all possible desired uses and inclusion/exclusion schemes, but for ease of implementation and typical usage it's a darn good solution.  

Joel

[Tarique Sani]

Well I am not in favour of individually password protected albums atleast this version- For the simple reason that it would create a mess in the code which already is too messy.

May be V2.0

[Oasis]

yes, i do think you already have a lot on your hands right now. But do please keep this as a consideration for future versions.  
Many users have been asking for it.  :lol:

--
NCTU Student Union Gallery
http://photo.enctu.org/index.php?lang=english