photoprism / photoprism

AI-Powered Photos App for the Decentralized Web 🌈💎✨
https://www.photoprism.app
Other
35.53k stars 1.97k forks source link

Sharing: Public Image Wall #669

Open Fullinator opened 3 years ago

Fullinator commented 3 years ago

I'd like the ability to set albums as "public" so anonymous (not logged in) users can see them without logging in. Currently the only way to achieve this is to share the album link but this requires users to have the direct link. It'd be nice if they could navigate to the website and view any publicly available albums, videos, places, etc.

lastzero commented 3 years ago

Related to multi-user support. For now, you can simply run two instances. One public, one with login.

Fullinator commented 3 years ago

Related to multi-user support. For now, you can simply run two instances. One public, one with login.

This would be a valid work around except for the inability to completely turn the public instance read-only. I can disable file uploads, album creation, etc but photo info, album info, etc can still be modified on the read-only instance.

Steps to reproduce:

Fullinator commented 3 years ago

I also think that private and hidden photos should not show up in public mode. Especially since there's currently no way to delete photos from PhotoPrism. Accidentally upload the wrong photo and it's there until someone manually goes and deletes the files.

lastzero commented 3 years ago

You can turn editing and the archive off in Settings and then disable settings in the main config as well. Readonly means files can not be added to originals, but metadata in the index can still be edited. Won't modify your files.

graciousgrey commented 3 years ago

I also think that private and hidden photos should not show up in public mode. --> This will be part of multi-user management. Setting detailed permissions for different users or maybe even set permissions for anonymous users/public. Deletion of photos is one of the next features to be implemented: https://github.com/photoprism/photoprism/projects/5

swingstate commented 3 years ago

+up vote for multi-user management.

Fullinator commented 3 years ago

Was there an update a month or so ago that checks if the storage is writeable?

running as uid 0
photoprism start
time="2021-02-25T16:58:21Z" level=fatal msg="storage not writable"

This is an unfortunate regression considering how metadata can still be edited when the server is in public mode. Are we able to stop the writeable check until I can fully enforce that nothing can be edited in public mode?

lastzero commented 3 years ago

We need storage for caching and thumbnails as well. It should be writable. How is this a regression?

Fullinator commented 3 years ago

Perhaps it's not a regression but a lucky happenstance that I was able to get ReadOnly working before. Is it just the storage/cache folder that needs Read/Write? I can always pass in with RW and the rest with RO. Unfortunately, passing in the others as RO are required since metdata can still be modified in RO mode.

lastzero commented 3 years ago

Read only mode and mounts are vor originals, not the cache folder. A cache you can not write is useless.

Fullinator commented 3 years ago

I understand how a non writeable cache is useless. I'm trying to figure out how to run this application so random visitors can't completely overwrite the metdata of my photos. Even when setting photoprism to read only mode, metdata is still editable. Thus why I'm trying to pass in certain folders as read only to the container.

I just tried passing in a ramdisk for the cache folder. That seems to have broken things pretty badly. Is the cache not built on the fly?

lastzero commented 3 years ago

I see, so far only album sharing was designed for this use case. Note that your originals won't get changed in any way, it's just index data. Read-only mode is for files, not the database or the cache. You may try to turn off Edit is Settings > General. If it doesn't block the update photo API, let me know. Easy to fix.

Fullinator commented 3 years ago

Ah, I'm starting to remember why I wanted to pass in the folders as RO originally. Perhaps sharing a little more about my deployment will make this clear:

I run two instances of photoprism:

A) private instance that requires login. I use this to upload photos, edit metadata, etc. B) Read Only public instance that anyone can hit to view the photos.

Both of these instances have to share the same storage and originals folder. Therefore, disabling editing in the public one will disable it in the private one as well. I think I can get pretty tricky with these container directory mounts and give the public one its' own settings folder so this problem is resolved.

On a side note, what's the estimated timeline on when multi user support will be added?

Fullinator commented 3 years ago

Thanks @lastzero for your incredibly prompt responses.

My solution with multiple settings folders being passed in works. For anyone interested in the work around, I'll list it here:

In the directory that stores the data for photoprism I have this:

albums
cache
index.db 
private_settings  
public_settings  
serial  settings  
sidecar

I then pass in the private/public settings folders to the private/public containers respectively. I don't use docker, but in Kubernetes the yaml to achieve this is:

...
          volumeMounts:
          - name: data
            mountPath: "/photoprism/storage"
            readOnly: false
          - name: originals
            mountPath: "/photoprism/originals"
            readOnly: false
          - name: settings
            mountPath: "/photoprism/storage/settings"
            readOnly: true
      volumes:
      - name: data
        hostPath:
          path: "/path/to/data/photoprism/config/data"
          type: Directory
      - name: originals
        hostPath:
          path: "/path/to/data/photoprism/config/originals"
          type: Directory
      - name: settings
        hostPath:
          path: "/path/to/data/photoprism/config/data/public_settings"
          type: Directory
...

Do the same thing for the private instance but set the right hostPath and take the mount as readOnly: false

Keep in mind that you still have to pass in the env variable of:

...
          - name: PHOTOPRISM_DISABLE_SETTINGS
            value: "true"
...

Also keep in mind that you can no longer edit the settings via the web UI and must edit the file. Photoprism seems to require a restart to load the settings.

psa commented 3 years ago

Even with -p -r --disable-settings flags, the album metadata is still editable, albums can be deleted, photos can be archived and the private flag can be set on photos.

lastzero commented 3 years ago

Yes, that's true. Read only refers to original files, not albums.

esmiles711 commented 2 years ago

I would really like this feature! I want my family to be able to visit my domain anytime they want and view picture albums I select as public. Yes I can send privately shared links in email but a Public Image Wall is much simpler. An auto email notification would be nice also - my family can simply subscribe and be alerted when new photo albums are added.

ravenpi commented 1 year ago

OK. I'm a newbie user of PhotoPrism, but c'mon, now. This is literally the only thing keeping PhotoPrism from being a kick-a** family photo/video album. This is far and away the best package I've found (sorry, PhotoFloat!), and I'm just boggling I can't simply point people without accounts to a non-authenticated URL for browsing. I'll buy pizzas -- even a bunch of them -- if that might serve as incentive. Please consider implementing this (IMHO) much-needed feature. I'll also point out that I seem to be pretty far from the only one who's looking for this.

Thanks!

satonotdead commented 1 year ago

Does anybody know a simple app (open-source too) that can use the same files and display the showcase as workaround?

jojo-gfx commented 1 year ago

Have Piwigo now on a separate server for it. Photoprism I have still only for archiving data on a local server.

Fullinator commented 1 year ago

@satoshinotdead I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can’t be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for.

jojo-gfx commented 1 year ago

Per using docker doesn't work I would think. Generally my docker is hanging up the photoprism container any days so isn't good to go outside with it. But for installations without docker the solution sounds ok. ;)

ravenpi commented 1 year ago

I like the read-only work-around, but there's no way to make it public without authentication, is there?

-K

On 2023-09-19 10:37, Fullinator wrote:

@satoshinotdead [1] I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can't be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for.

-- Reply to this email directly, view it on GitHub [2], or unsubscribe [3]. You are receiving this because you commented.Message ID: @.***>

Links:

[1] https://github.com/satoshinotdead [2] https://github.com/photoprism/photoprism/issues/669#issuecomment-1725775158 [3] https://github.com/notifications/unsubscribe-auth/ABNJIIJZU4KJ3V3TZSGQHXLX3GU27ANCNFSM4UILX2BA

Fullinator commented 1 year ago

Per using docker doesn't work I would think. Generally my docker is hanging up the photoprism container any days so isn't good to go outside with it. But for installations without docker the solution sounds ok. ;)

I run my solution using the provided docker image from photoprism in my Kubernetes cluster. I think it would be more difficult to run my solution with the non docker install IMO.

Fullinator commented 1 year ago

I like the read-only work-around, but there's no way to make it public without authentication, is there? -K On 2023-09-19 10:37, Fullinator wrote: @satoshinotdead [1] I posted a solution in this issue earlier. You run two instances of Photoprism with one being public but you pass in the volumes as read only so the settings and image metadata can't be changed. Kind of annoying but it gets you the full photoprism experience this issue is asking for. -- Reply to this email directly, view it on GitHub [2], or unsubscribe [3]. You are receiving this because you commented.Message ID: @.***> Links: ------ [1] https://github.com/satoshinotdead [2] #669 (comment) [3] https://github.com/notifications/unsubscribe-auth/ABNJIIJZU4KJ3V3TZSGQHXLX3GU27ANCNFSM4UILX2BA

You can make it public without authentication. You need to set ‘PHOTOPRISM_PUBLIC: "true"’

and also

‘PHOTOPRISM_DISABLE_SETTINGS’

you’ll also need to pass in the RO volumes as mentioned earlier otherwise the metadata is still editable. If you have difficulty getting this set up I can share my latest Kubernetes manifest files for you to use as an example.

ravenpi commented 1 year ago

On 2023-09-19 16:02, Fullinator wrote:

You can make it public without authentication. You need to set 'PHOTOPRISM_PUBLIC: "true"'

and also

'PHOTOPRISM_DISABLE_SETTINGS'

you'll also need to pass in the RO volumes as mentioned earlier otherwise the metadata is still editable. If you have difficulty getting this set up I can share my latest Kubernetes manifest files for you to use as an example.

Oh, excellent! I use btrfs, so creating a read-only snapshot will be trivial. Thanks!

-Ken

satonotdead commented 6 months ago

Is possible to allow or skip the writing of test file when using an instance with volume on only_read mode? I'm trying to link the folders and use read-only on public instance but it's not working because of that:

Failed creating test file in storage folder, see https://docs.photoprism.app/getting-started/troubleshooting/docker/#file-permissions