Support » Plugin: WP Photo Album Plus » Wishlist(?): Different Albums for different users

  • Resolved serge-wp

    (@serge-wp)


    I often find myself wanting to show one particular picture album to one group of friends, other albums to other groups, and was wondering if I could do this in a more efficient way with WPPA+ [rather than my current (complicated) manual organisation].

    Ideally I’d be able to allow different WP users to view albums I create, such that e.g. my cousins might be able to see my pics of our latest family reunion, or the folks whom I met on a recent holiday could view my snaps from that trip, while the latter should not be able to see the former (and vice-versa, unless I set that).

    Can this be done in WPPA+? … or am I barking up the wrong tree?

    Many thanks,
    serge

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jacob N. Breetvelt

    (@opajaap)

    Currently we have the restriction that photos with status private can only be seen by loggedin visitors.

    The problem we ae facing is the fact that it is not very usefull to restrict viewing on an album basis. Albums are just a way to group photos and photos can be accessed without referencing the album where they belong to.

    One example:
    Look at (my dev site) https://betatest.opajaap.nl/testpage/

    The visitor might change the url into:
    https://betatest.opajaap.nl/testpage/?occur=1&cover=0&photo=1550

    This shows a different photo; he can enter any photo id in &photo=…
    The only test is if the user is loggedin or the status of the photo not being private.

    No check is done against the album metadata of the photo’s album.

    I could implement a check against certain album metadata, but that would enormously complicate the entire plugin (approx 200 queries should be changed) and should result in serious performance regression.

    I suggest you do the following:

    To cope with the particular issue above, you should enable encrypted links in Table IV-A6.1 and refuse unecrypted in Table IV-A6.2. But… this still does not help you with your issue.

    Put the albums with a shortcode on a page and make the page accessable to the visitors that are allowed to see the content of those albums. This should be easier.

    Thanks so much, Jacob, for taking the time to answer my wishlist request in such a detailed manner.

    Indeed, it makes little sense to check the album metadata and thus create a performance hit for all users when this is but a more specialised application (albeit one that IMHO might be quite popular, as I’ve been asked for this option by a number of friends…)

    I will try your suggestion to set WPPA+ to use only encrypted links and place the albums on a page accessible only to particular registered users. It looks like there are a number of WP plugins that might do this trick, although some do not have the highest review scores(…)
    I’ll report back on the outcome, just in case someone else might like to try something similar in the future. [just gimme a little time… ;-]

    Cheers,
    serge

    Well, it took quite some sleuthing, but I’m glad to report that your suggestion worked, Jacob. Full marks to you once again! 🙂

    I’ve ploughed my way through many a web page that vaguely came within what I intended to do and kissed a number of frogs along the way (read: tried quite a few plugins); many turned out to be emperors (i.e. much too advanced/complicated/fully-featured), while others weren’t even blue-blooded, i.e. just far too weak for my purposes.

    In the end, I learned that I needed to think of my site as a “membership site”. Again, there was a multitude of options, but after some trials, my “frog-turned-prince” was the “WordPress Simple Membership plugin” (https://simple-membership-plugin.com), with which I can make unlimited membership levels as well as add unlimited members, who -upon logging in- are redirected to a new page I can set for each level (yes, that took a further addon; “After Login Redirection”). And all for free :-))

    Logged in as a testuser, I’ve tried to hack my way to other albums which my testuser wasn’t supposed to see, but the combination of needing a corresponding login for the page on which the album is referred to and the encrypted photo links (/refuse unencrypted) you suggested above successfully kept me out of where testuser shouldn’t be. While there may well be ways to gain access which I haven’t attempted, I’m reasonably confident that these are reserved to a few advanced hackers who’d get in anywhere, regardless of any barriers…

    Once again, many thanks Jacob, for pointing me in the right direction!
    serge

    Plugin Author Jacob N. Breetvelt

    (@opajaap)

    Thanx for coming back with this good news!

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.