Anonymous users (Everybody) having Gallery2 access rights of registered users

Events happening in the community are now at Drupal community events on www.drupal.org.
micf-gdo's picture
Posted by micf-gdo on May 27, 2008 at 7:24am

This one took me a while to resolve. I am sure not many users will fall into this trap. I hope this post makes life easier for those with the same setup and maybe lead to a little improvement in future. The post about necessary rows in the Gallery2 table handling authorization for Everybody gave me the clue, as I am neither expert with Drupal or Gallery2 intrinsics. See http://gallery.menalto.com/node/61382

Sympton
Anonymous users on my website had the same access to Gallery2 as registered users.
Problem
Everybody access is handled through a special "guest" user in Gallery2. I had an additional row in g2_UserGroupMap that mapped the "guest" user to the "Registered users" group.
Cause
I had a Drupal user account "guest". While I have not verified this, I suspect that the user synchronization in gallery module simply synchronized the "guest" user with Gallery2 like any other user and added the mapping to the "Registered users" group.
Workaround
Delete the respective row in g2_UserGroupMap. Do not use a "guest" user in Drupal. I used it only for testing purposes.
Proposal
I would suggest that the gallery module excludes the "guest" user from synchronization and provides an appropriate warning/information.
Categories: , , ,

Comments

Other causes

Posted by thermador on December 15, 2008 at 8:12pm
thermador's picture

I'm not sure what my cause was for this, but I had the same problem and I DID NOT have a Drupal user account "guest."

I discovered if you're running a Drupal site that's entirely private, anything you add to the gallery can still be accessed by the public by typing in www.yourdomain.com/gallery2 and viewing the albums using the Gallery2 interface.

For private sites, I had to edit the permissions of my main album and remove the "Everyone" group from having access. Strangely, if you add the "Registered Users" group as having access (Permission = "View all versions"), the public will still be able to access the site.

What you should do if you are running an entirely private site is create a new Role (let's say you called it "site users") in Drupal that has the same permissions as Drupal's Role "Authenticated User." Then go into the Gallery2 permissions and give only that new role permissions to access the main gallery.

Perhaps this is a user migration issue, but I had it happen on two separate sites with fresh installations of Drupal 6.8 + Gallery 2.3.

Resolved

Posted by MjrNuT on September 12, 2009 at 5:29pm
MjrNuT's picture

Resolved.

Gallery2 Integration

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: