Update readme with thoughts about permissions

This commit is contained in:
voussoir 2017-09-29 14:28:16 -07:00
parent 0849796986
commit ad00854a18

View file

@ -32,12 +32,37 @@ If you are interested in helping, please raise an issue before making any pull r
- Replace columns like area, ratio, bitrate by using expression indices or views (`width * height` etc).
- Add some way to support large image albums without flooding the search results. Considering a "hidden" property so that a handful of representative images can appear in the search results, and the rest can be found on the actual Album page.
- Add a `Photo.merge` to combine duplicate entries.
- Generate thumbnails for vector files.
- Generate thumbnails for vector files without falling victim to bombs.
- Allow photos to have nonstandard, orderby-able properties like "release year". How?
- Make the FFmpeg path configurable. Some kind of global config? Or part of the database config file? It's not like every photodb needs a separate one.
- Improve the appearance of album page. Too many section headers and the "Create album" interface should allow giving a title immediately.
- When users have '%' or '#', etc. in their username, it is difficult to access their /user/ URL. I would prefer to fix it without simply blacklisting those characters.
### To do list: User permissions
Here are some thoughts about the kinds of features that need to exist within the permission system. I don't know how I'll actually manage it just yet. Possibly a `permissions` table in the database with `user_id | permission` where `permission` is some reliably-formatted string.
- Preventing logged out users from viewing any page except root and /login.
- Uploading photos (`can_upload`)
- File extension restrictions
- Add / remove tags from photo
- My own photos (`can_tag_own`)
- Explicit individual allow / deny (`can_tag_photo:<photo_id>`)
- General allow / deny (`can_tag`)
- Deleting photos
- etc
- Creating albums
- As children of my own albums
- Add / remove photos from album, edit title / desc.
- My own albums (`can_edit_album_own`)
- Explicit (`can_edit_album:<album_id>`)
- General (`can_edit_album`)
- Deleting albums
- etc
- Creating tags (`can_create_tag`)
- Deleting tags (`can_delete_tag`)
- Only those that I have created (`can_delete_tag_own`)
- Any time vs. only if they are not in use (`can_delete_tag_in_use`)
### Changelog
- **[addition]** A new feature was added.