lastzero
commented
3 years ago Related to multi-user support. For now, you can simply run two instances. One public, one with login.
Open Fullinator opened 3 years ago
lastzero
commented
3 years ago Related to multi-user support. For now, you can simply run two instances. One public, one with login.
Fullinator
commented
3 years ago Related to multi-user support. For now, you can simply run two instances. One public, one with login.
This would be a valid work around except for the inability to completely turn the public instance read-only. I can disable file uploads, album creation, etc but photo info, album info, etc can still be modified on the read-only instance.
Steps to reproduce:
PHOTOPRISM_PUBLIC: "true" and PHOTOPRISM_PUBLIC: "true" config optionsFullinator
commented
3 years ago I also think that private and hidden photos should not show up in public mode. Especially since there's currently no way to delete photos from PhotoPrism. Accidentally upload the wrong photo and it's there until someone manually goes and deletes the files.
lastzero
commented
3 years ago You can turn editing and the archive off in Settings and then disable settings in the main config as well. Readonly means files can not be added to originals, but metadata in the index can still be edited. Won't modify your files.
graciousgrey
commented
3 years ago I also think that private and hidden photos should not show up in public mode. --> This will be part of multi-user management. Setting detailed permissions for different users or maybe even set permissions for anonymous users/public. Deletion of photos is one of the next features to be implemented: https://github.com/photoprism/photoprism/projects/5
swingstate
commented
3 years ago +up vote for multi-user management.
Fullinator
commented
3 years ago Was there an update a month or so ago that checks if the storage is writeable?
running as uid 0
photoprism start
time="2021-02-25T16:58:21Z" level=fatal msg="storage not writable"This is an unfortunate regression considering how metadata can still be edited when the server is in public mode. Are we able to stop the writeable check until I can fully enforce that nothing can be edited in public mode?
lastzero
commented
3 years ago We need storage for caching and thumbnails as well. It should be writable. How is this a regression?
Fullinator
commented
3 years ago Perhaps it's not a regression but a lucky happenstance that I was able to get ReadOnly working before. Is it just the storage/cache folder that needs Read/Write? I can always pass in with RW and the rest with RO. Unfortunately, passing in the others as RO are required since metdata can still be modified in RO mode.
lastzero
commented
3 years ago Read only mode and mounts are vor originals, not the cache folder. A cache you can not write is useless.
Fullinator
commented
3 years ago I understand how a non writeable cache is useless. I'm trying to figure out how to run this application so random visitors can't completely overwrite the metdata of my photos. Even when setting photoprism to read only mode, metdata is still editable. Thus why I'm trying to pass in certain folders as read only to the container.
I just tried passing in a ramdisk for the cache folder. That seems to have broken things pretty badly. Is the cache not built on the fly?
lastzero
commented
3 years ago I see, so far only album sharing was designed for this use case. Note that your originals won't get changed in any way, it's just index data. Read-only mode is for files, not the database or the cache. You may try to turn off Edit is Settings > General. If it doesn't block the update photo API, let me know. Easy to fix.
Fullinator
commented
3 years ago Ah, I'm starting to remember why I wanted to pass in the folders as RO originally. Perhaps sharing a little more about my deployment will make this clear:
I run two instances of photoprism:
A) private instance that requires login. I use this to upload photos, edit metadata, etc. B) Read Only public instance that anyone can hit to view the photos.
Both of these instances have to share the same storage and originals folder. Therefore, disabling editing in the public one will disable it in the private one as well. I think I can get pretty tricky with these container directory mounts and give the public one its' own settings folder so this problem is resolved.
On a side note, what's the estimated timeline on when multi user support will be added?
Fullinator
commented
3 years ago Thanks @lastzero for your incredibly prompt responses.
My solution with multiple settings folders being passed in works. For anyone interested in the work around, I'll list it here:
In the directory that stores the data for photoprism I have this:
albums
cache
index.db
private_settings
public_settings
serial settings
sidecarI then pass in the private/public settings folders to the private/public containers respectively. I don't use docker, but in Kubernetes the yaml to achieve this is:
...
volumeMounts:
- name: data
mountPath: "/photoprism/storage"
readOnly: false
- name: originals
mountPath: "/photoprism/originals"
readOnly: false
- name: settings
mountPath: "/photoprism/storage/settings"
readOnly: true
volumes:
- name: data
hostPath:
path: "/path/to/data/photoprism/config/data"
type: Directory
- name: originals
hostPath:
path: "/path/to/data/photoprism/config/originals"
type: Directory
- name: settings
hostPath:
path: "/path/to/data/photoprism/config/data/public_settings"
type: Directory
...Do the same thing for the private instance but set the right hostPath and take the mount as readOnly: false
Keep in mind that you still have to pass in the env variable of:
...
- name: PHOTOPRISM_DISABLE_SETTINGS
value: "true"
...Also keep in mind that you can no longer edit the settings via the web UI and must edit the file. Photoprism seems to require a restart to load the settings.
psa
commented
3 years ago Even with -p -r --disable-settings flags, the album metadata is still editable, albums can be deleted, photos can be archived and the private flag can be set on photos.
lastzero
commented
3 years ago Yes, that's true. Read only refers to original files, not albums.
esmiles711
commented
1 year ago I would really like this feature! I want my family to be able to visit my domain anytime they want and view picture albums I select as public. Yes I can send privately shared links in email but a Public Image Wall is much simpler. An auto email notification would be nice also - my family can simply subscribe and be alerted when new photo albums are added.
ravenpi
commented
10 months ago OK. I'm a newbie user of PhotoPrism, but c'mon, now. This is literally the only thing keeping PhotoPrism from being a kick-a** family photo/video album. This is far and away the best package I've found (sorry, PhotoFloat!), and I'm just boggling I can't simply point people without accounts to a non-authenticated URL for browsing. I'll buy pizzas -- even a bunch of them -- if that might serve as incentive. Please consider implementing this (IMHO) much-needed feature. I'll also point out that I seem to be pretty far from the only one who's looking for this.
Thanks!
satoshinotdead
commented
9 months ago Does anybody know a simple app (open-source too) that can use the same files and display the showcase as workaround?
jojo-gfx
commented
9 months ago Have Piwigo now on a separate server for it. Photoprism I have still only for archiving data on a local server.
Fullinator
commented
9 months ago @satoshinotdead I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can’t be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for.
jojo-gfx
commented
9 months ago Per using docker doesn't work I would think. Generally my docker is hanging up the photoprism container any days so isn't good to go outside with it. But for installations without docker the solution sounds ok. ;)
ravenpi
commented
9 months ago I like the read-only work-around, but there's no way to make it public without authentication, is there?
-K
On 2023-09-19 10:37, Fullinator wrote:
@satoshinotdead [1] I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can't be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for.
-- Reply to this email directly, view it on GitHub [2], or unsubscribe [3]. You are receiving this because you commented.Message ID: @.***>
[1] https://github.com/satoshinotdead [2] https://github.com/photoprism/photoprism/issues/669#issuecomment-1725775158 [3] https://github.com/notifications/unsubscribe-auth/ABNJIIJZU4KJ3V3TZSGQHXLX3GU27ANCNFSM4UILX2BA
Fullinator
commented
9 months ago Per using docker doesn't work I would think. Generally my docker is hanging up the photoprism container any days so isn't good to go outside with it. But for installations without docker the solution sounds ok. ;)
I run my solution using the provided docker image from photoprism in my Kubernetes cluster. I think it would be more difficult to run my solution with the non docker install IMO.
Fullinator
commented
9 months ago I like the read-only work-around, but there's no way to make it public without authentication, is there? -K On 2023-09-19 10:37, Fullinator wrote: @satoshinotdead [1] I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can't be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for. -- Reply to this email directly, view it on GitHub [2], or unsubscribe [3]. You are receiving this because you commented.Message ID: @.***> Links: ------ [1] https://github.com/satoshinotdead [2] #669 (comment) [3] https://github.com/notifications/unsubscribe-auth/ABNJIIJZU4KJ3V3TZSGQHXLX3GU27ANCNFSM4UILX2BA
You can make it public without authentication. You need to set ‘PHOTOPRISM_PUBLIC: "true"’
and also
‘PHOTOPRISM_DISABLE_SETTINGS’
you’ll also need to pass in the RO volumes as mentioned earlier otherwise the metadata is still editable. If you have difficulty getting this set up I can share my latest Kubernetes manifest files for you to use as an example.
ravenpi
commented
9 months ago On 2023-09-19 16:02, Fullinator wrote:
You can make it public without authentication. You need to set 'PHOTOPRISM_PUBLIC: "true"'
and also
'PHOTOPRISM_DISABLE_SETTINGS'
you'll also need to pass in the RO volumes as mentioned earlier otherwise the metadata is still editable. If you have difficulty getting this set up I can share my latest Kubernetes manifest files for you to use as an example.
Oh, excellent! I use btrfs, so creating a read-only snapshot will be trivial. Thanks!
-Ken
satoshinotdead
commented
1 month ago Is possible to allow or skip the writing of test file when using an instance with volume on only_read mode? I'm trying to link the folders and use read-only on public instance but it's not working because of that:
Failed creating test file in storage folder, see https://docs.photoprism.app/getting-started/troubleshooting/docker/#file-permissions
I'd like the ability to set albums as "public" so anonymous (not logged in) users can see them without logging in. Currently the only way to achieve this is to share the album link but this requires users to have the direct link. It'd be nice if they could navigate to the website and view any publicly available albums, videos, places, etc.