[horde] Ansel gallery permissions

Simon Wilson simon at simonandkate.net
Wed Jun 26 07:54:06 UTC 2013 

> Quoting Simon Wilson <simon at simonandkate.net>>> Two things for Ansel  
> permissions:
>>>
>>> 1. I have my preferences for Ansel set to:
>>>
>>> When a new gallery is created, what permissions should be given to  
>>> authenticated users by default? Read-only
>>> When a new gallery is created, what default permissions should be  
>>> given to groups that the user is a member of? None
>>> When a new gallery is created, what permissions should be given to  
>>> guests by default? None
>>>
>>> When I create a new Gallery, no-one else can see it. Set  
>>> Permissions on that gallery show everything empty. If I tick  
>>> Show/Read for All Authenticated Users, then they can view the  
>>> gallery, as I would have expected would happen by default from my  
>>> Preference settings.
>>>
>>>
>>> 2. I have top-level Horde permissions set for Ansel as:
>>>
>>> a:3:{s:4:"type";s:6:"matrix";s:6:"groups";a:1:{s:58:"cn=HordePhotosAccess,ou=hordegroups,dc=simonandkate,dc=lan";i:30;}s:5:"guest";i:6;}
>>>
>>> Which is the group set to Show/Read/Edit/Delete, and Guest set to  
>>> Show/Read.
>>>
>>> Objective 1 is that all users can generate their own Galleries,  
>>> delete them if they want, and set permissions, which the Group  
>>> access provides.
>>> Objective 2 is I would like to be able for non-authenticated  
>>> guests to browse to https://mail.simonandkate.net/ansel/ and see  
>>> the galleries that Guests are allowed to see, and then able to  
>>> browse those galleries without logging in, which is what the Guest  
>>> access should provide.
>>>
>>> When I set a gallery to All Authenticated Users Show/Read, and  
>>> Guest Permissions Show/Read, I cannot get access to that gallery  
>>> without logging in.  
>>> https://mail.simonandkate.net/ansel/view.php?gallery=10 always  
>>> bounces to Log in page, as does https://mail.simonandkate.net/ansel/
>>>
>>> What am I doing wrong? Changing permissions for Auth Users  
>>> responds immediately, so it's not caching somewhere... how do I  
>>> get non-auth access to guests?
>>>
>>> Simon
>>>
>>
>> Ahh frustrating sometimes how all of these things inter-connect! I  
>> have enabled caching (Hashtable / redis) to improve performance and  
>> reduce calls to the weather api.
>>
>> If I *disable* Horde Caching, I can generate proper permissions  
>> that are flowed through immediately. Re-enable caching, and the  
>> cached (now incorrect) permissions return. The way I am doing it is  
>> this sequence:
>>
>> 1. Disable horde cache
>> 2. Change permissions
>> 3. redis-cli flushall
>> 4. Re-enable horde cache
>>
>> I could probably do it with a redis-cli flush-all only. I will log  
>> an enhancement request for that.
>>
>> I can change access to individual galleries in Ansel's Set  
>> Permissions on the fly with caching enabled and with immediate  
>> effect, but changes in the Horde Permissions interface don't seem  
>> to apply without disabling the cache, clearing it, and then  
>> re-enabling it... I tested this with permissions changes in both  
>> Wicked and Ansel.
>>
>> Also interesting is this, that if I try horde-clear-cache with  
>> hashtable/redis enabled as the Horde Cache I get this error:
>>
>> ====================
>>
>> Fatal Error:
>> Cannot use KEYS with a cluster of connections
>> In /usr/share/pear/Predis/Connection/PredisCluster.php on line 135
>>
>> 1. Horde_Cache->clear() /usr/bin/horde-clear-cache:50
>> 2. Horde_Cache_Storage_Hashtable->clear()  
>> /usr/share/pear/Horde/Cache.php:164
>> 3. Horde_HashTable_Predis->clear()  
>> /usr/share/pear/Horde/Cache/Storage/Hashtable.php:99
>> 4. Predis\Client->keys() /usr/share/pear/Horde/HashTable/Predis.php:142
>> 5. Predis\Client->__call() /usr/share/pear/Horde/HashTable/Predis.php:142
>> 6. Predis\Connection\PredisCluster->executeCommand()  
>> /usr/share/pear/Predis/Client.php:229
>> 7. Predis\Connection\PredisCluster->getConnection()  
>> /usr/share/pear/Predis/Connection/PredisCluster.php:213
>>
>> ====================
>>
>> Ever onwards... one step closer!
>>
>> Simon.
>>
>>
>> --
>> Simon Wilson
>> M: 0400 12 11 16
>>
>
> Did you give guest access to the Ansel application (not just a gallery)?
>
> mike
> Sent from mobile

Hi Mike,

Possibly not clear in my long email on your mobile :) but yes the  
Ansel application perms are set as per my comment:

>>> 2. I have top-level Horde permissions set for Ansel as:
>>> <snip>
>>> Which is the group set to Show/Read/Edit/Delete, and Guest set to  
>>> Show/Read.

With individual Gallery permissions then added to Guest, everything  
works as expected - but only when caching is disabled, or the cache  
manually cleared. With caching enabled the new permissions set to  
Ansel (not the Gallery) do not take effect.

So I have a working workaround for Issue 2 (and will post an  
enhancement request for Horde admin level permissions changes to clear  
cache when bugs.horde.org is back up...).

Issue 1 remains - the Preference-set default permissions for a new  
Gallery are not applied when a new Gallery is created.

Thanks,
Simon.



--
Simon Wilson
M: 0400 12 11 16
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 1339 bytes
Desc: PGP Public Key
URL: <http://lists.horde.org/archives/horde/attachments/20130626/f464d1d4/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL: <http://lists.horde.org/archives/horde/attachments/20130626/f464d1d4/attachment-0001.bin>

More information about the horde mailing list