do the API override the permission?

funfun167

Joined: 2010-03-14
Posts: 22
Posted: Thu, 2010-06-03 15:19

Suppose a user is not permitted to "add" or "edit" album

Can I make a modules such that the user able to add/delete/move...photos in the album?

Thank you

 
suprsidr
suprsidr's picture

Joined: 2005-04-17
Posts: 8339
Posted: Thu, 2010-06-03 17:42

Gallery checks permissions regardless of your module. So no.
Admins have universal privis though.

-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2

 
alecmyers

Joined: 2006-08-01
Posts: 4342
Posted: Thu, 2010-06-03 20:54

Well, to be fair, there's no reason why you can't write your own code to add or remove or move items, in a similar vein to the G2-supplied code, and simply not include the permissions checks.

 
funfun167

Joined: 2010-03-14
Posts: 22
Posted: Sat, 2010-06-05 12:36

del;eted

 
suprsidr
suprsidr's picture

Joined: 2005-04-17
Posts: 8339
Posted: Fri, 2010-06-04 12:17

G2 has the user album module. We use it on FYW and set a limit so each user gets a free 100MB to tryout gallery.
G3 - the REST API currently does not allow for remote auth without jumping through some hoops.

-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2

 
funfun167

Joined: 2010-03-14
Posts: 22
Posted: Sat, 2010-06-05 12:37
alecmyers wrote:
Well, to be fair, there's no reason why you can't write your own code to add or remove or move items, in a similar vein to the G2-supplied code, and simply not include the permissions checks.

yes.....

I plan to make use of Gallery3 for my project
http://gallery.menalto.com/node/94969

I found that the current user permission is "all or nothing", either edit/add all albums or no album.....it is a problem for me

Actually I want the user edit/add his own album, while he is not permitted to do that on other users' album

To solve this problem, I plan to do this:
1: For permission, all users have no permission to "add" and "edit" album, such that he is not able to edit in the album page
2: Bypass the default permission, the photos in this own album are shown in the custom module, he is able to add/delete photos through the REST API

Is it feasible?
Is there any drawback or potential problem?

Thank you