- Status Assigned
- Task Type Feature Request
- Category Backend / Core
- Operating System All
- Severity Low
- Priority Very Low
- Reported Version Devel
- Due in Version 2.36
FS#8 - Better permission hierarchy
Right now there are three permissions -- public, private, and "protected", which equates to "public only to all of my clients"
This is pretty lousy; I can certianly envision scenarios where you'd want a client to only see stuff that's specific to that client. To do this now, you have to create separate accounts and mark clients for those specific accounts.
I'd like to see a more generic hierarchical user/group model. Only the photo owner can make changes to their images, but the permission model would break down as follows:
Permissions would be granted on a per-group basis, and individual users can be members of various groups. "Guest" access would just be another group, and would default to assigned.
A permission is inherited; so if "guest" is granted access to the top-level folder, they would be allowed to see everything below it unless a more restrictive permission was specified. This is sort of similar to unix permissions with the "sticky bit" turned on.
This gets a little tricky when talking about folders vs albums, as a user may not be allowed to browse the folder, but the image could be included in a public album. When viewing the image from the folder perspective, it would be disallowed, but from the album perspective, it would be allowed.
EDIT: see http://po.shaftnet.org/new_permission_model