Gallery Permissions

[420]

Still learning the differences between the way VB & Photopost did permissions and need some help.

We have one gallery that does not watermark our photos, we use this for staff work like website tutorials, advisories, etc.

The idea behind this gallery is that staff can upload site images without the watermark, to make them look more clean/professional.

We also use it to upload sensitive data for our team, like troll investigations, staff/member human resources, etc.

We want the images to be visible to everyone, as long as we embed them in a thread, like in our tutorials.

However, the only people allowed to upload to the gallery and view the gallery, are mods and admins.

Problem is, during the migration, the permissions were changed and everyone was able to view this gallery in its entirety.

We have since changed all permissions for Registered & Established to NO for this gallery, and now nobody can see anything.

How do I set the permissions to allow everyone to see the images embedded in threads, but only mods and admins able to upload and view the gallery?

Thank you.

 

[Chris D]

You can change the permissions on each category as you see fit. In the list of categories in the Admin CP, each category has a "Permissions" link. Click that, and on the page that's presented my recommendation is to mark it as a "Private category". That means that no one can see it, unless they're explicitly granted permission to. After that, you can start giving permissions to individual users or user groups.

Obviously you can decide which permissions are best, but based on the comments about watermarking you'll want to give users the "Add media items without watermark" permission. This means they won't be watermarked by default.

By the way, watermarking is an entirely reversible process. You should be able to select any existing images that are watermarked (that have been watermarked since the move to XF) using inline moderation and then select "Remove watermarks" from the inline mod drop down.

 

[420]

When I mark it as a "Private category", will everyone still be able to see the images embedded in threads, but not see the gallery?

If so, which specific settings do I give them a YES to?

Thank you.

 

[Chris D]

Well, the add-on is very strict (by design) when it comes to permissions and privacy so if normal users can't see the category then they won't be able to see the embedded images either. There's no combination of permissions that would allow them to not see the category, but would allow them to see embedded images.

 

[420]

This worked flawlessly in Photopost, which was built with alien code by amateurs, two decades ago.

Surely, you can figure out a way to help us with this obstacle, in your brand new, modern, amazing software?

Otherwise, we will be forced to ftp images up to our server, every time we need to post an image without a watermark.

Unless we can give permission to mods and admins to remove watermark from their images?

Then create a separate gallery just for tutorial images that everyone can see?

Just want to be sure we are on the same page here, I'm still learning. Thank you.

 

[Chris D]

It's not a case of ability, it's just a design decision. I personally think it's quite logical that if you have a category of images which you explicitly configure to not be visible to anyone that its contents shouldn't be visible to anyone. There are of course different approaches we could take if we wanted to.

For now, your suggested approach seems reasonable. Yes, you can give your mods/admins permission so that they can either remove watermarks after they have been added or just not have them automatically added at all. Then you could create a separate category for those images with the appropriate permissions so that they can be seen by other users.

You can of course also move images from one category to another so they could start off in the hidden category before being moved to the visible category when they're ready to be published.

 

[Jake B.]

If the images are being used in articles/posts you could just attach them to that article/post which will do essentially the same thing and the permissions will follow the permissions of that post rather than the category

 

[420]

Thanks Jake, that would work if we didn't have specific requirements.

The images are used specifically to embed screenshots into tutorial threads, showing staff and members how to operate the website.

We also use it for displaying screenshots of website errors and human resources investigations in the mod/admin pits.

We ditched attachments over a decade ago for fear of viruses and trojans, plus we don't care for the small thumbnails you have to click on.

We prefer embedded screenshots only, that take up the entire width of the post frame, which requires no clicking and pops ups to view.

In a huge forum like ours, we deal with hundreds of reports daily, so every click adds up.

 

[Jake B.]

You can embed attachments, and you can restrict attachments to specific file types , for example, this image is an attachment:

 

[420]

Why does everyone keep trying to push attachments.

That's great to see they can be embedded, however, unfortunately, they won't work for us for two other reasons.

1. Our upload process strips meta data from our photos, to protect our members who might upload certain types of plants that could potentially be federally illegal in their state. Last thing they need is a thief to rob them or a cop to raid them, from data they found on their photo, on our website. I do not believe attachments would have that capability, that we have scripted into our uploads.

2. Everyone keeps sidestepping our concern of viruses and trojans being embedded into attachments, again, putting us and our members at risk. We understand the occasion is rare, however have experienced most of the "rare" things anyone could ever experience in our journey thus far, and have become shell shocked from everything we've been through. So we don't take chances anymore, for any reason. History and experience have conditioned us and our protocols into becoming a very rigid and solid ship, for everyone's sake.

We take our member safety, security and freedom very seriously, even more so that most of them do.

Meanwhile, I'm trying to figure out how to set these permissions so the registered members can see the images from the folder I move the images to, while limiting them from uploading to it and only giving unwatermark powers to staff. I feel like crying for help right now. lol

Thank you both for all your support and suggestions, I am truly grateful for you gentlemen.

 

[Jake B.]

Our upload process strips meta data from our photos, to protect our members who might upload certain types of plants that could potentially be federally illegal in their state. Last thing they need is a thief to rob them or a cop to raid them, from data they found on their photo, on our website. I do not believe attachments would have that capability, that we have scripted into our uploads.

I'll have to check but I'm pretty sure these are being stripped in the attachment upload process so it'll cover pretty much anything that uses the attachment system

Everyone keeps sidestepping our concern of viruses and trojans being embedded into attachments, again, putting us and our members at risk. We understand the occasion is rare, however have experienced most of the "rare" things anyone could ever experience in our journey thus far, and have become shell shocked from everything we've been through. So we don't take chances anymore, for any reason. History and experience have conditioned us and our protocols into becoming a very rigid and solid ship, for everyone's sake.

I'm not sure I really understand the concern here, only way this would be an issue is if you allowed executables to be uploaded (or zips confining executables) if you limit it to only images it's really no different than the media gallery as they both in the end use the attachment system, plus you can restrict attachments to only the forum containing your articles, and even restrict them to only admins and moderators in those forums

 

[420]

I'll have to check but I'm pretty sure these are being stripped in the attachment upload process so it'll cover pretty much anything that uses the attachment system

Please do and let me know, that would take then two of three concerns off the plate. Thank you.

I'm not sure I really understand the concern here, only way this would be an issue is if you allowed executables to be uploaded (or zips confining executables) if you limit it to only images it's really no different than the media gallery as they both in the end use the attachment system, plus you can restrict attachments to only the forum containing your articles, and even restrict them to only admins and moderators in those forums

This fear was beaten into us decades ago and we never looked back, just avoided it from then on. Even our systems admin confirmed a few months ago, that it has been known to happen. Since you guys keep either evading this or claiming I am concerned for no reason, i'll get more solid data to discuss. Thank you.

Meanwhile, I spent last night creating another gallery with only mod/admin access, moved all of the sensitive data there, then changed the 5 different usergroup permissions for everyone viewing the other gallery, so now everything is cool. I was also able to sort out the adding/removing/watermarking issue as well and now have a more solid understanding of how the system works, thankfully.

I really appreciate you guys walking me though this, thank you.

Now this opens a new can or worms.

1. Deciding on whether to keep our current upload embed process
2. Replace it with the attachment system
3. Or add it as yet another option

I do see the current process as cumbersome:

1. Start out in a post you want to embed photos in
2. Open a new tab and upload photos to the gallery
3. Go back to the other tab and embed the images in the post

Can attachments be watermarked?

vs

1. Start out in a post you want to embed photos in
2. Attach photos

As long as they can be fully embedded like you showed above, without being small thumbnails, this might be a faster solution, removing another tab and a third step to the process. Think we can achieve the exact same thing, without the extra steps?

Thank you for helping us evolve to the next level, it's not easy coming out of VBulletin, Photopost, DBSEO, Sphinx, Joomla, Tapatalk and finding our new path.