Open Fullinator opened 3 years ago
Related to multi-user support. For now, you can simply run two instances. One public, one with login.
Related to multi-user support. For now, you can simply run two instances. One public, one with login.
This would be a valid work around except for the inability to completely turn the public instance read-only. I can disable file uploads, album creation, etc but photo info, album info, etc can still be modified on the read-only instance.
Steps to reproduce:
PHOTOPRISM_PUBLIC: "true"
and PHOTOPRISM_PUBLIC: "true"
config optionsI also think that private and hidden photos should not show up in public mode. Especially since there's currently no way to delete photos from PhotoPrism. Accidentally upload the wrong photo and it's there until someone manually goes and deletes the files.
You can turn editing and the archive off in Settings and then disable settings in the main config as well. Readonly means files can not be added to originals, but metadata in the index can still be edited. Won't modify your files.
I also think that private and hidden photos should not show up in public mode. --> This will be part of multi-user management. Setting detailed permissions for different users or maybe even set permissions for anonymous users/public. Deletion of photos is one of the next features to be implemented: https://github.com/photoprism/photoprism/projects/5
+up vote for multi-user management.
Was there an update a month or so ago that checks if the storage is writeable?
running as uid 0
photoprism start
time="2021-02-25T16:58:21Z" level=fatal msg="storage not writable"
This is an unfortunate regression considering how metadata can still be edited when the server is in public mode. Are we able to stop the writeable check until I can fully enforce that nothing can be edited in public mode?
We need storage for caching and thumbnails as well. It should be writable. How is this a regression?
Perhaps it's not a regression but a lucky happenstance that I was able to get ReadOnly working before. Is it just the storage/cache folder that needs Read/Write? I can always pass in with RW and the rest with RO. Unfortunately, passing in the others as RO are required since metdata can still be modified in RO mode.
Read only mode and mounts are vor originals, not the cache folder. A cache you can not write is useless.
I understand how a non writeable cache is useless. I'm trying to figure out how to run this application so random visitors can't completely overwrite the metdata of my photos. Even when setting photoprism to read only mode, metdata is still editable. Thus why I'm trying to pass in certain folders as read only to the container.
I just tried passing in a ramdisk for the cache folder. That seems to have broken things pretty badly. Is the cache not built on the fly?
I see, so far only album sharing was designed for this use case. Note that your originals won't get changed in any way, it's just index data. Read-only mode is for files, not the database or the cache. You may try to turn off Edit is Settings > General. If it doesn't block the update photo API, let me know. Easy to fix.
Ah, I'm starting to remember why I wanted to pass in the folders as RO originally. Perhaps sharing a little more about my deployment will make this clear:
I run two instances of photoprism:
A) private instance that requires login. I use this to upload photos, edit metadata, etc. B) Read Only public instance that anyone can hit to view the photos.
Both of these instances have to share the same storage and originals folder. Therefore, disabling editing in the public one will disable it in the private one as well. I think I can get pretty tricky with these container directory mounts and give the public one its' own settings folder so this problem is resolved.
On a side note, what's the estimated timeline on when multi user support will be added?
Thanks @lastzero for your incredibly prompt responses.
My solution with multiple settings folders being passed in works. For anyone interested in the work around, I'll list it here:
In the directory that stores the data for photoprism I have this:
albums
cache
index.db
private_settings
public_settings
serial settings
sidecar
I then pass in the private/public settings folders to the private/public containers respectively. I don't use docker, but in Kubernetes the yaml to achieve this is:
...
volumeMounts:
- name: data
mountPath: "/photoprism/storage"
readOnly: false
- name: originals
mountPath: "/photoprism/originals"
readOnly: false
- name: settings
mountPath: "/photoprism/storage/settings"
readOnly: true
volumes:
- name: data
hostPath:
path: "/path/to/data/photoprism/config/data"
type: Directory
- name: originals
hostPath:
path: "/path/to/data/photoprism/config/originals"
type: Directory
- name: settings
hostPath:
path: "/path/to/data/photoprism/config/data/public_settings"
type: Directory
...
Do the same thing for the private instance but set the right hostPath
and take the mount as readOnly: false
Keep in mind that you still have to pass in the env variable of:
...
- name: PHOTOPRISM_DISABLE_SETTINGS
value: "true"
...
Also keep in mind that you can no longer edit the settings via the web UI and must edit the file. Photoprism seems to require a restart to load the settings.
Even with -p -r --disable-settings
flags, the album metadata is still editable, albums can be deleted, photos can be archived and the private flag can be set on photos.
Yes, that's true. Read only refers to original files, not albums.
I would really like this feature! I want my family to be able to visit my domain anytime they want and view picture albums I select as public. Yes I can send privately shared links in email but a Public Image Wall is much simpler. An auto email notification would be nice also - my family can simply subscribe and be alerted when new photo albums are added.
OK. I'm a newbie user of PhotoPrism, but c'mon, now. This is literally the only thing keeping PhotoPrism from being a kick-a** family photo/video album. This is far and away the best package I've found (sorry, PhotoFloat!), and I'm just boggling I can't simply point people without accounts to a non-authenticated URL for browsing. I'll buy pizzas -- even a bunch of them -- if that might serve as incentive. Please consider implementing this (IMHO) much-needed feature. I'll also point out that I seem to be pretty far from the only one who's looking for this.
Thanks!
Does anybody know a simple app (open-source too) that can use the same files and display the showcase as workaround?
Have Piwigo now on a separate server for it. Photoprism I have still only for archiving data on a local server.
@satoshinotdead I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can’t be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for.
Per using docker doesn't work I would think. Generally my docker is hanging up the photoprism container any days so isn't good to go outside with it. But for installations without docker the solution sounds ok. ;)
I like the read-only work-around, but there's no way to make it public without authentication, is there?
-K
On 2023-09-19 10:37, Fullinator wrote:
@satoshinotdead [1] I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can't be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for.
-- Reply to this email directly, view it on GitHub [2], or unsubscribe [3]. You are receiving this because you commented.Message ID: @.***>
[1] https://github.com/satoshinotdead [2] https://github.com/photoprism/photoprism/issues/669#issuecomment-1725775158 [3] https://github.com/notifications/unsubscribe-auth/ABNJIIJZU4KJ3V3TZSGQHXLX3GU27ANCNFSM4UILX2BA
Per using docker doesn't work I would think. Generally my docker is hanging up the photoprism container any days so isn't good to go outside with it. But for installations without docker the solution sounds ok. ;)
I run my solution using the provided docker image from photoprism in my Kubernetes cluster. I think it would be more difficult to run my solution with the non docker install IMO.
I like the read-only work-around, but there's no way to make it public without authentication, is there? -K On 2023-09-19 10:37, Fullinator wrote: @satoshinotdead [1] I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can't be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for. -- Reply to this email directly, view it on GitHub [2], or unsubscribe [3]. You are receiving this because you commented.Message ID: @.***> Links: ------ [1] https://github.com/satoshinotdead [2] #669 (comment) [3] https://github.com/notifications/unsubscribe-auth/ABNJIIJZU4KJ3V3TZSGQHXLX3GU27ANCNFSM4UILX2BA
You can make it public without authentication. You need to set ‘PHOTOPRISM_PUBLIC: "true"’
and also
‘PHOTOPRISM_DISABLE_SETTINGS’
you’ll also need to pass in the RO volumes as mentioned earlier otherwise the metadata is still editable. If you have difficulty getting this set up I can share my latest Kubernetes manifest files for you to use as an example.
On 2023-09-19 16:02, Fullinator wrote:
You can make it public without authentication. You need to set 'PHOTOPRISM_PUBLIC: "true"'
and also
'PHOTOPRISM_DISABLE_SETTINGS'
you'll also need to pass in the RO volumes as mentioned earlier otherwise the metadata is still editable. If you have difficulty getting this set up I can share my latest Kubernetes manifest files for you to use as an example.
Oh, excellent! I use btrfs, so creating a read-only snapshot will be trivial. Thanks!
-Ken
Is possible to allow or skip the writing of test file when using an instance with volume on only_read mode? I'm trying to link the folders and use read-only on public instance but it's not working because of that:
Failed creating test file in storage folder, see https://docs.photoprism.app/getting-started/troubleshooting/docker/#file-permissions
I'd like the ability to set albums as "public" so anonymous (not logged in) users can see them without logging in. Currently the only way to achieve this is to share the album link but this requires users to have the direct link. It'd be nice if they could navigate to the website and view any publicly available albums, videos, places, etc.