ShokoAnime / ShokoServer

Repository for Shoko Server.
http://shokoanime.com/shoko-server/
MIT License
374 stars 73 forks

Real User Management (RUM) #426

Open bigretromike opened 7 years ago

bigretromike commented 7 years ago

Currently there is no real user management. Half of the functions don't even check it. There are data leaks between current user-system. Also, in a few cases people (CuddleBear) use two separate because some settings are global and not per user.

ElementalCrisis commented 7 years ago

We don't need multiple user levels, just two.

The only difference is that an Admin can make changes to the database setup and add/remove/modify Import Folders. Just about all other settings should be configurable by everyone.

We can also add presets for things like Family Friendly, which is currently a separate user account; the admin would select this option and the tags would be blocked on the account and hidden from the user so they could not modify them. Series, Images and Tags should all check not only for the user level, but any of the presets we add.

I don't think we should have separate import folders per user, that's not how JMM was designed and would require a lot of work. Instead we work towards allowing two instances of JMM Server to be run, but that's for another issue. If a user wanted separate content per user then they can just create two users that each block the content of the other.

bigretromike commented 7 years ago

So basically it's a no go for you. There could be simply shared shares, like you would add a folder and check if other users can access it, different AniDB account. Currently you can add your gdrive and I will be able to browse and access it - that's bad. Also, what's the point of running the app twice to support a multi-user env?

On September 19, 2016 3:16:17 PM GMT+02:00, ElementalCrisis notifications@github.com wrote:

We don't need multiple user levels, just two.

  • Admin
  • Normal User


maxpiva commented 7 years ago

What is the use case of this? We see folders as repositories of anime. JMMServer must have access to all folders.

Usage restrictions are in place so you can control which users have access to something. Maybe you should re-ask whether we can add a new GroupFilter that can control what import folder the user can view, and filter accordingly, like tags.

Anyhow, this is real work, and this is an open project, so...

bigretromike commented 7 years ago

I agree that JMM should have access, but not all the users. Users should not see each other's files/imports until the user that manages their own sources adds a second user to that access.


maxpiva commented 7 years ago

The best way to do it, IMHO, is adding a GroupFilter with IN and NOT IN ImportFolders, then adding the possibility of restricting GroupFilters or enabling GroupFilters for users. That will open the system to have a very good granularity of what users can or cannot view, including some folders. The only problem I see is when a series has some Anime that is sharing anime between import folders. That could be a problem.

bigretromike commented 7 years ago

That looks good, IMO, but we would also need to add a proper DB structure to hold per-user settings - not all of them (as some will have to stay global) but some.

ElementalCrisis commented 7 years ago

What we need is JMM Server to handle user accounts and permission levels, allowing our users to create accounts that could be given to friends, who could then use one of the supported programs or plugins to access the main user's collection.

These accounts would not need their own import folders and should not have the ability to add one; that just seems like a nightmare. What they do need is their own watched states, AniDB and Community accounts and any other settings we currently have that relate to the user.

maxpiva commented 7 years ago

What I'd like to see, but it needs a refactor, is the following: one master AniDB account tied to the collection, then an unlimited number of AniDB slaves, TVDB, MAL, Trakt. Every user can have any one of those or inherit permission from a father account, and also, per account type, stop inheritance. For example, if a user inherits from a user that has a MAL account, and the user does not have a MAL account, then if they set something as watched, it will be set as watched in the parent account; but if the father account has Trakt and the client account does not, you can turn off Trakt inheritance so as not to propagate watch status. In this way we can have two types of users, real ones and restricted ones.

All this means we have to refactor the AniDB communication library to support multi seat, probably grouping commands by login. Not all, since slaves only need a limited command set, watched, etc. We could also, instead of using inheritance, split users, like JMMUser, then AniDB users, TraktUsers, TVDBuser, MalUsers, etc., and every JMMUser is linked to one of those.

On the restriction zone, we probably need to support GroupFilter filtering per user (like tags/categories). For other restrictions like folder restriction, we could add an Import Folder GroupFilter Condition.

ElementalCrisis commented 7 years ago

I like it, we should make this the focus of the next version. :)

ElementalCrisis commented 7 years ago

Updating with latest developments.

Instead of using RUM, @maxpiva suggested the following which seems like a better fit.

What about this: we leave users as is, we only verify optional auth to the users, but we add another layer, devices, and devices can be anything we support. Here is the thing: every time you run a new client, new Plex client, new Nakamori, you need to register the device; after registration, you can map what users have access to what device. We change signatures with userid with a session, and we add a few Device registration and User authorization methods, kinda -> Register Device() (Plex like) -> Authorize Device(string token) -> session = AuthorizeUser(token, user, password). First, on multiuser, only Trakt will be available for extra users. AniDB is impossible without a child account, since the user and you should share the same collection; TvDB and MovieDB are metadata providers, so no need in here... MAL is almost the same as AniDB as it tracks collections. You could give a friend your IP, and tell him to run Shoko Client, Device Auth -> token -> Device Registered. After that, you could give your friend his own user, or a friend user; it could be connected to Trakt or not, since admin can map whatever device to whatever user/users.

Admin will be able to grant / remove access to certain sections in Server, Desktop or other clients.
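
A minimal model of the device registration and session flow quoted in the comment above, added here as an illustration; it is not Shoko Server code. The class and method names (`DeviceAuth`, `register_device`, `authorize_device`, `authorize_user`, `user_for_session`) and the in-memory storage are assumptions.

```python
import hashlib
import hmac
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class DeviceAuth:
    """Hypothetical in-memory model of the register/authorize/session flow."""

    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.devices = {}    # device token -> {"approved": bool, "users": set}
        self.sessions = {}   # session id -> (device token, username)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _hash(password, salt))

    def register_device(self):
        # A new client asks for a token; it grants nothing until approved.
        token = secrets.token_urlsafe(32)
        self.devices[token] = {"approved": False, "users": set()}
        return token

    def authorize_device(self, token, allowed_users):
        # Admin step: approve the device and map which users may use it.
        device = self.devices[token]
        device["approved"] = True
        device["users"] = set(allowed_users)

    def authorize_user(self, token, user, password):
        # Fail closed on unknown/unapproved device, unmapped user, bad password.
        device = self.devices.get(token)
        if not device or not device["approved"] or user not in device["users"]:
            return None
        salt, stored = self.users.get(user, (b"", b""))
        if not stored or not hmac.compare_digest(_hash(password, salt), stored):
            return None
        session = secrets.token_urlsafe(32)
        self.sessions[session] = (token, user)
        return session

    def user_for_session(self, session):
        # API calls carry the session, not a user id chosen by the client.
        entry = self.sessions.get(session)
        return entry[1] if entry else None
```

Resolving the user from the session on the server side is what replaces the `userid` parameter in the method signatures: a client cannot name another user's id to read that user's data.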

bigretromike commented 7 years ago

So you're planning to do the same 'session' thing as the auth in apiv2 does now. But settings per user would also be great ;-)

ElementalCrisis commented 7 years ago

Should get on Discord to discuss in real time. :)