do the API override the permission?
|
funfun167
Joined: 2010-03-14
Posts: 22 |
Posted: Thu, 2010-06-03 15:19
|
|
Suppose a user is not permitted to "add" or "edit" album Can I make a modules such that the user able to add/delete/move...photos in the album? Thank you |
|
Posts: 8339
Gallery checks permissions regardless of your module. So no.
Admins have universal privis though.
-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2
Posts: 4342
Well, to be fair, there's no reason why you can't write your own code to add or remove or move items, in a similar vein to the G2-supplied code, and simply not include the permissions checks.
Posts: 22
del;eted
Posts: 8339
G2 has the user album module. We use it on FYW and set a limit so each user gets a free 100MB to tryout gallery.
G3 - the REST API currently does not allow for remote auth without jumping through some hoops.
-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2
Posts: 22
yes.....
I plan to make use of Gallery3 for my project
http://gallery.menalto.com/node/94969
I found that the current user permission is "all or nothing", either edit/add all albums or no album.....it is a problem for me
Actually I want the user edit/add his own album, while he is not permitted to do that on other users' album
To solve this problem, I plan to do this:
1: For permission, all users have no permission to "add" and "edit" album, such that he is not able to edit in the album page
2: Bypass the default permission, the photos in this own album are shown in the custom module, he is able to add/delete photos through the REST API
Is it feasible?
Is there any drawback or potential problem?
Thank you