[horde] Ansel gallery permissions

Simon Wilson simon at simonandkate.net
Wed Jun 26 06:00:35 UTC 2013 

> Two things for Ansel permissions:
>
> 1. I have my preferences for Ansel set to:
>
> When a new gallery is created, what permissions should be given to  
> authenticated users by default? Read-only
> When a new gallery is created, what default permissions should be  
> given to groups that the user is a member of? None
> When a new gallery is created, what permissions should be given to  
> guests by default? None
>
> When I create a new Gallery, no-one else can see it. Set Permissions  
> on that gallery show everything empty. If I tick Show/Read for All  
> Authenticated Users, then they can view the gallery, as I would have  
> expected would happen by default from my Preference settings.
>
>
> 2. I have top-level Horde permissions set for Ansel as:
>
> a:3:{s:4:"type";s:6:"matrix";s:6:"groups";a:1:{s:58:"cn=HordePhotosAccess,ou=hordegroups,dc=simonandkate,dc=lan";i:30;}s:5:"guest";i:6;}
>
> Which is the group set to Show/Read/Edit/Delete, and Guest set to Show/Read.
>
> Objective 1 is that all users can generate their own Galleries,  
> delete them if they want, and set permissions, which the Group  
> access provides.
> Objective 2 is I would like to be able for non-authenticated guests  
> to browse to https://mail.simonandkate.net/ansel/ and see the  
> galleries that Guests are allowed to see, and then able to browse  
> those galleries without logging in, which is what the Guest access  
> should provide.
>
> When I set a gallery to All Authenticated Users Show/Read, and Guest  
> Permissions Show/Read, I cannot get access to that gallery without  
> logging in. https://mail.simonandkate.net/ansel/view.php?gallery=10  
> always bounces to Log in page, as does  
> https://mail.simonandkate.net/ansel/
>
> What am I doing wrong? Changing permissions for Auth Users responds  
> immediately, so it's not caching somewhere... how do I get non-auth  
> access to guests?
>
> Simon
>

Ahh frustrating sometimes how all of these things inter-connect! I  
have enabled caching (Hashtable / redis) to improve performance and  
reduce calls to the weather api.

If I *disable* Horde Caching, I can generate proper permissions that  
are flowed through immediately. Re-enable caching, and the cached (now  
incorrect) permissions return. The way I am doing it is this sequence:

1. Disable horde cache
2. Change permissions
3. redis-cli flushall
4. Re-enable horde cache

I could probably do it with a redis-cli flush-all only. I will log an  
enhancement request for that.

I can change access to individual galleries in Ansel's Set Permissions  
on the fly with caching enabled and with immediate effect, but changes  
in the Horde Permissions interface don't seem to apply without  
disabling the cache, clearing it, and then re-enabling it... I tested  
this with permissions changes in both Wicked and Ansel.

Also interesting is this, that if I try horde-clear-cache with  
hashtable/redis enabled as the Horde Cache I get this error:

====================

Fatal Error:
Cannot use KEYS with a cluster of connections
In /usr/share/pear/Predis/Connection/PredisCluster.php on line 135

1. Horde_Cache->clear() /usr/bin/horde-clear-cache:50
2. Horde_Cache_Storage_Hashtable->clear() /usr/share/pear/Horde/Cache.php:164
3. Horde_HashTable_Predis->clear()  
/usr/share/pear/Horde/Cache/Storage/Hashtable.php:99
4. Predis\Client->keys() /usr/share/pear/Horde/HashTable/Predis.php:142
5. Predis\Client->__call() /usr/share/pear/Horde/HashTable/Predis.php:142
6. Predis\Connection\PredisCluster->executeCommand()  
/usr/share/pear/Predis/Client.php:229
7. Predis\Connection\PredisCluster->getConnection()  
/usr/share/pear/Predis/Connection/PredisCluster.php:213

====================

Ever onwards... one step closer!

Simon.


--
Simon Wilson
M: 0400 12 11 16
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 1339 bytes
Desc: PGP Public Key
URL: <http://lists.horde.org/archives/horde/attachments/20130626/16f8b43f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL: <http://lists.horde.org/archives/horde/attachments/20130626/16f8b43f/attachment-0001.bin>

More information about the horde mailing list