Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Registered users can create public albums  (Read 3469 times)

0 Members and 1 Guest are viewing this topic.

clemphoto

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
Registered users can create public albums
« on: November 21, 2010, 04:46:48 pm »

My site is http://clemsonphotoclub.com/coppermine,  using 1.5.8.

Having read docs and searched, I find that while admins can create public albums, and with correct permissions registered users can upload to those albums, registered users should not be able to create those albums.  A new user did just that, and I have confirmed with a non-admin account that registered users can create public albums.

My system is configured to allow user albums as well as public albums.  One public album is accessible only to admins, the other to registered users, and these work correctly.  Users have correct access, as near as I can tell, to their user albums.  Unregistered visitors can only view and rate.

So, it appears I have a permission set which I don't want, and can't find out how to correct it.

Del (clemphoto)
Logged

clemphoto

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
Re: Registered users can create public albums
« Reply #2 on: November 21, 2010, 05:28:22 pm »

Yes, I had seen this page.  But I had not allowed permission to create in public albums.  I created a new group and put a current user in it.  This user was able to create albums in the public area.  I then logged in as admin to check, and it did not appear any group had this permission.  I explicitly gave this permission to registered user group and the new test group, and updated the page.  Then removed the permission (both groups) and updated the page again.  Now the test user cannot create a public album.

My conclusion:  There is either a problem with this permission developing through an unforeseen combination of actions, or there is a problem with the user interface on this page.  Thanks for your help.  I will call this issue resolved, although I believe there is still a potential problem in there somewhere.

Del
Logged
Pages: [1]   Go Up
 

Page created in 0.048 seconds with 19 queries.