[horde] Ansel gallery permissions

Michael J Rubinsky mrubinsk at horde.org
Wed Jun 26 07:39:42 UTC 2013


Quoting Simon Wilson <simon at simonandkate.net>>> Two things for Ansel  
permissions:
>>
>> 1. I have my preferences for Ansel set to:
>>
>> When a new gallery is created, what permissions should be given to  
>> authenticated users by default? Read-only
>> When a new gallery is created, what default permissions should be  
>> given to groups that the user is a member of? None
>> When a new gallery is created, what permissions should be given to  
>> guests by default? None
>>
>> When I create a new Gallery, no-one else can see it. Set  
>> Permissions on that gallery show everything empty. If I tick  
>> Show/Read for All Authenticated Users, then they can view the  
>> gallery, as I would have expected would happen by default from my  
>> Preference settings.
>>
>>
>> 2. I have top-level Horde permissions set for Ansel as:
>>
>> a:3:{s:4:"type";s:6:"matrix";s:6:"groups";a:1:{s:58:"cn=HordePhotosAccess,ou=hordegroups,dc=simonandkate,dc=lan";i:30;}s:5:"guest";i:6;}
>>
>> Which is the group set to Show/Read/Edit/Delete, and Guest set to Show/Read.
>>
>> Objective 1 is that all users can generate their own Galleries,  
>> delete them if they want, and set permissions, which the Group  
>> access provides.
>> Objective 2 is I would like to be able for non-authenticated guests  
>> to browse to https://mail.simonandkate.net/ansel/ and see the  
>> galleries that Guests are allowed to see, and then able to browse  
>> those galleries without logging in, which is what the Guest access  
>> should provide.
>>
>> When I set a gallery to All Authenticated Users Show/Read, and  
>> Guest Permissions Show/Read, I cannot get access to that gallery  
>> without logging in.  
>> https://mail.simonandkate.net/ansel/view.php?gallery=10 always  
>> bounces to Log in page, as does https://mail.simonandkate.net/ansel/
>>
>> What am I doing wrong? Changing permissions for Auth Users responds  
>> immediately, so it's not caching somewhere... how do I get non-auth  
>> access to guests?
>>
>> Simon
>>
>
> Ahh frustrating sometimes how all of these things inter-connect! I  
> have enabled caching (Hashtable / redis) to improve performance and  
> reduce calls to the weather api.
>
> If I *disable* Horde Caching, I can generate proper permissions that  
> are flowed through immediately. Re-enable caching, and the cached  
> (now incorrect) permissions return. The way I am doing it is this  
> sequence:
>
> 1. Disable horde cache
> 2. Change permissions
> 3. redis-cli flushall
> 4. Re-enable horde cache
>
> I could probably do it with a redis-cli flush-all only. I will log  
> an enhancement request for that.
>
> I can change access to individual galleries in Ansel's Set  
> Permissions on the fly with caching enabled and with immediate  
> effect, but changes in the Horde Permissions interface don't seem to  
> apply without disabling the cache, clearing it, and then re-enabling  
> it... I tested this with permissions changes in both Wicked and Ansel.
>
> Also interesting is this, that if I try horde-clear-cache with  
> hashtable/redis enabled as the Horde Cache I get this error:
>
> ====================
>
> Fatal Error:
> Cannot use KEYS with a cluster of connections
> In /usr/share/pear/Predis/Connection/PredisCluster.php on line 135
>
> 1. Horde_Cache->clear() /usr/bin/horde-clear-cache:50
> 2. Horde_Cache_Storage_Hashtable->clear() /usr/share/pear/Horde/Cache.php:164
> 3. Horde_HashTable_Predis->clear()  
> /usr/share/pear/Horde/Cache/Storage/Hashtable.php:99
> 4. Predis\Client->keys() /usr/share/pear/Horde/HashTable/Predis.php:142
> 5. Predis\Client->__call() /usr/share/pear/Horde/HashTable/Predis.php:142
> 6. Predis\Connection\PredisCluster->executeCommand()  
> /usr/share/pear/Predis/Client.php:229
> 7. Predis\Connection\PredisCluster->getConnection()  
> /usr/share/pear/Predis/Connection/PredisCluster.php:213
>
> ====================
>
> Ever onwards... one step closer!
>
> Simon.
>
>
> --
> Simon Wilson
> M: 0400 12 11 16
>

Did you give guest access to the Ansel application (not just a gallery)?

mike
Sent from mobile

Simon Wilson <simon at simonandkate.net> wrote:





More information about the horde mailing list