G2 Image via TinyMCE: Can only select pictures if they have 'Everybody [core] View item'

AveryNelson

Joined: 2008-05-10
Posts: 28
Posted: Thu, 2008-05-15 20:15

Hello,

I have setup Drupal 6.2 with Gallery 2.2.4, and have completed the G2 integration. Everything appears to be functioning correctly; however, it appears that if a user is creating content in Drupal and uses the G2Image icon to select pictures -- only pictures that have the 'Everybody [core] View Item' permission are accessible through G2 Image.

Is this by design, or is there a configuration change that can be made to allow access by G2Image of non-public pictures?

Thanks!
Avery
 
capt_kirk

Joined: 2006-01-24
Posts: 492
Posted: Fri, 2008-05-16 15:29

So, the trick to understanding user interactions for G2Image is that G2Image is not aware of who the user is. G2Image uses the current Gallery2 cookie, and whoever that user is, G2Image blindly applies the cookie for getting information from Gallery2.

This is on purpose to avoid having to have a third user database (one for Gallery2, one for the CMS (Drupal in your case), and one for G2Image). Trying to keep the CMS user database synchronized with Gallery2's user database is hard enough without introducing users for G2Image...

That said, if the current Gallery2 cookie is a "guest" cookie, then even though you're logged into Drupal, when G2Image talks to Gallery2, Gallery2 thinks that a guest is logged in, not a valid user.

I haven't done much testing with this in Drupal, but the theory from WordPress should hold. In WordPress, if you log directly into the "write post" screen and try to open a restricted Gallery2 folder in G2Image, you won't be able to get in, because Gallery2 doesn't know that you're logged into WordPress. So, you have to log in and first go to the WordPress homepage in order to trigger WPG2 (the Gallery2 embedding plugin, like the gallery module for Drupal) to log the WordPress user into a Gallery2 embedded session. Then if you go to the "write post" page and try to get into a restricted album through G2Image, it will let you, since the Gallery2 cookie now shows that the user is logged into Gallery2.

I hope that makes sense. It gets confusing. The key is to realize that there are two cookies. One for the CMS and one for Gallery2. You have to get logged into both systems to be able to see restricted items in Gallery2 from the CMS. Different CMS embedding plugins do this differently, but most seem to not automatically log into Gallery2 if you're only on the admin pages.

Please try this out on Drupal and let me know what you find.

Kirk
____________________________________
G2Image Documentation, G2Image Demo Page, My Family Website
 
AveryNelson

Joined: 2008-05-10
Posts: 28
Posted: Fri, 2008-05-16 16:38
capt_kirk wrote:
So, the trick to understanding user interactions for G2Image is that G2Image is not aware of who the user is. G2Image uses the current Gallery2 cookie, and whoever that user is, G2Image blindly applies the cookie for getting information from Gallery2.

This is on purpose to avoid having to have a third user database (one for Gallery2, one for the CMS (Drupal in your case), and one for G2Image). Trying to keep the CMS user database synchronized with Gallery2's user database is hard enough without introducing users for G2Image...

That said, if the current Gallery2 cookie is a "guest" cookie, then even though you're logged into Drupal, when G2Image talks to Gallery2, Gallery2 thinks that a guest is logged in, not a valid user.

I haven't done much testing with this in Drupal, but the theory from WordPress should hold. In WordPress, if you log directly into the "write post" screen and try to open a restricted Gallery2 folder in G2Image, you won't be able to get in, because Gallery2 doesn't know that you're logged into WordPress. So, you have to log in and first go to the WordPress homepage in order to trigger WPG2 (the Gallery2 embedding plugin, like the gallery module for Drupal) to log the WordPress user into a Gallery2 embedded session. Then if you go to the "write post" page and try to get into a restricted album through G2Image, it will let you, since the Gallery2 cookie now shows that the user is logged into Gallery2.

I hope that makes sense. It gets confusing. The key is to realize that there are two cookies. One for the CMS and one for Gallery2. You have to get logged into both systems to be able to see restricted items in Gallery2 from the CMS. Different CMS embedding plugins do this differently, but most seem to not automatically log into Gallery2 if you're only on the admin pages.

Please try this out on Drupal and let me know what you find.

Kirk
____________________________________
G2Image Documentation, G2Image Demo Page, My Family Website

Hey Kirk,

Thanks so much for the detailed explanation of how the interaction works and mode of authentication. It really helps to know such details. I'll play around, tracking some cookies, and see what I learn.

Also, thanks for your online documentation. If I put together some more updated documentation for Drupal 6.2 / Gallery integration with G2Image implemenation, would you be interested in having a look at those and possibly posting them (the G2Image part of them) on your site?

Avery