Recursive password protection
|
nicolarsson1
Joined: 2005-12-14
Posts: 38 |
Posted: Mon, 2006-11-27 10:10
|
|
Hi When password protecting an album, should it be possible to use the navigation controls to access sub-albums of the password protected album? Cheers Nic |
|
Posts: 8601
once you enter the password you should be able to access all subalbums and items (unless they have their own password).. if a user already has permission to access the album or subalbums then they would not need to enter the password, so check the view permissions.
Posts: 38
Once the user enters the password he can see the sub-albums.
Before the user enters the password he can directly navigate to a sub-album of a password protected album through the drop-down box for example.
I have removed all view premissions except for guest, owner and admin for the password protected album and sub-albums. A guest can still
My issue is that I believe that the password protection should be recursive.
Cheers
Nic
Posts: 8601
yes, it is. of course, you can change permissions after adding the password.. this can cause those items to be visible without the password.
Posts: 38
Only Guest and Admin had view perms before I added the password for the top-level album. Guests can still directly access the sub-albums.
Cheers
Nic
Posts: 8601
if you can find steps to reproduce this problem you can file a bug on sf.net, as it shouldn't work that way.
Posts: 8601
i'm not able to reproduce this on current svn.. trying to access a subalbum directly as a guest jumps me to the login page (if i haven't entered the album password yet)
Posts: 38
Hi
Thanks for your help.
By removing PW & perms from the PW protected album and recursivly applying these and then adding guest perms plus a PW back again I managed to hide some of the albums.
When looking at the albums permissions they all look the same. Could some permissions be corrupt in the database? Can I "reset" perms in a table and start over?
When I apply/removing a password the site never "returns". It always ends with a 500 - A misconfiguration on the server caused a hiccup. Check the server logs, fix the problem, then try again..
Cheers
Nic
Posts: 8601
ah, well that's why you're not getting all albums protected by the password. the request is dying before it updates all the permissions. you can file a bug about this if you like.. unfortunately we don't have progress-bar support for large permission-change operations like this. password protection for an album with fewer items/subalbums should work ok.
Posts: 38
It is highly likely that this is caused by Bluehosts poor CPU quotas. I tried on an album with fewer items and everything works I think.
Where can I slow down the process through inserting a usleep(50000) for example?
Which tables can I look in to find the correct permissions so that I can clean this up...?
Cheers
Nic
Posts: 8601
G2 uses ACLs (access control lists) in g2_AccessMap and g2_AccessSubscriberMap.. not trivial to decode what's going on in here. Your best bet is probably removing the password and trying to add back any missing permissions to clean things up. Then file a bug about this to encourage us to add a progress bar here..
Posts: 38
Alright!
Will do!
Cheers
Nic
Posts: 8601
current svn now uses a progress bar when applying password changes to albums.
Posts: 38
Downloaded the latest snapshop but can't see a progressbar.
Cheers
Nic
Posts: 8601
find $Revision: near the top of modules/password/PasswordOption.inc, what revision is it?
can you be more detailed about the steps you tried, and what you did see if not a progressbar?
Posts: 38
Revision: 14392
Guess it isn't updated in the nightly snapshot I downloaded.
I see no changes to the password option only some minor other changes.
Cheers
Nic
Posts: 8601
yup, that snapshot isn't up to date.. click download above for sites with up-to-date snapshots.
Posts: 38
OK, progress bar is working. Great job!
I still have a problem though.
I have deleted all albums except the top-level ones and all images. My db g_AccessMap contains 6000 lines still...
How can I clean the database out or should I just drop it and rebuild it?
Which permissions must the sub-items have before password protecting?
What should happen if I move an album into the password protected album? If this album should become protected I can move them in 5 by 5 or so not to choke the CPU. I have tried this but not managed to get them protected without re-applying the PW.
Is there really no way how I temporarily can insert a delay in the code not to choke the server when password protecting?
Cheers
Nic
Posts: 8601
something like 1% of the time on permissions changes g2 runs a cleanup process on AccessMap.. normally i'd say this will clean things up, though since you had some aborted operations it's hard to be sure.
yes, moving an album into a password protected album applies the protection to it.
sure, you could add a sleep() call in classes/PasswordHelper.class somewhere, not sure how that helps though.
Posts: 38
Wouldn't a sleep() decrease the stress on the CPu by spreading the processing over a longer time period?
Cheers
Nic
Posts: 8601
sure, but what if your webhost is measuring total time a request takes?
Posts: 38
That might be the case but it doesn't look like it since the process is terminated prematurely.
?
Cheers
Nic
Posts: 38
So I emptied my tables but do not have a root album showing up. The link up at the top left (matrix) is there though. I installed a new copy of G2 to another location and copied the rows from that new database into the AccessMap and AccessSubscriberMap. Still no root album or ability to add a new album... Any ideas?
Cheers
Nic
Posts: 8601
ouch, you removed all permissions from the db??
if you have a backup you can restore, try that.. otherwise, this *might* work:
clear out the 2 tables again
insert into g2_AccessMap values (1, 2147483647, 3);
insert into g2_AccessSubscriberMap select g_id, 1 from g2_Item;
then login as a site admin and use 'edit permissions' to make additional changes.
Posts: 38
thanks a lot but it didn't work. no result.
guess I'll just start over again...
Cheers
Nic