Users cannot see album if it's inside another album where they don't have permissions #76

Closed
opened 2018-07-28 23:50:01 +01:00 by aheathershaw · 3 comments
Owner

LNT00:

When a user has permissions for a child-album, but not for the parent album, he can't see the child album when he 's logged in.

[LNT00](https://github.com/LNT00): When a user has permissions for a child-album, but not for the parent album, he can't see the child album when he 's logged in.
aheathershaw added this to the Version 2.2.0-beta.1 milestone 2018-07-28 23:50:01 +01:00
aheathershaw self-assigned this 2018-07-28 23:50:01 +01:00
aheathershaw added the
enhancement
label 2018-07-28 23:50:01 +01:00
Author
Owner
Migrated from https://github.com/andysh-uk/blue-twilight/issues/76
Author
Owner

I've been thinking about this a bit more, and due to the complexity of the logic, it needs to be implemented in code.

This could be cached in the database in a similar way to how we cache disk usage in Blue Twilight Cloud (e.g. a flag indicating the permission cache is dirty.)

The cache will need to be dirtied when the following is true:

  • a new user is added
  • a user's group memberships are changed
  • a user is deleted (not really dirtied, just rely on a FK to delete the associated record)
  • a new album is created
  • an album's parent is changed
  • an album's permissions are changed
  • an album is deleted (not really dirtied, just rely on a FK to delete the associated record)

Also we should add a button to the Settings screen that allows an administrator to rebuild the permissions cache.

I've been thinking about this a bit more, and due to the complexity of the logic, it needs to be implemented in code. This could be cached in the database in a similar way to how we cache disk usage in Blue Twilight Cloud (e.g. a flag indicating the permission cache is dirty.) The cache will need to be dirtied when the following is true: - a new user is added - a user's group memberships are changed - a user is deleted (not really dirtied, just rely on a FK to delete the associated record) - a new album is created - an album's parent is changed - an album's permissions are changed - an album is deleted (not really dirtied, just rely on a FK to delete the associated record) Also we should add a button to the Settings screen that allows an administrator to rebuild the permissions cache.
aheathershaw added the
wip
label 2018-09-14 18:28:11 +01:00
aheathershaw removed the
wip
label 2018-09-16 22:17:51 +01:00
Author
Owner

Following the changes made in #71, this is now possible.

If the album selector is set to include child albums, then child albums a user has permissions to are visible despite not having permissions to the parent.

Following the changes made in #71, this is now possible. If the album selector is set to include child albums, then child albums a user has permissions to are visible despite not having permissions to the parent.
Sign in to join this conversation.
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: aheathershaw/blue-twilight#76
No description provided.