[Feature] Allow media working group to create draft albums

[TobiasDeBruijn]

Feature request by @SilasPeters from the media working group.

The idea

• A way for members of the working group, or other people for that matter, to upload to Chroma
• Currently Google Photo's is used, however this means that enough Google Drive space must be available, and will be used while the album is on Google Photo's.

The plan

1. Implement an ACL where admin members can grant specific user (by Koala email address) the permission to create draft albums.
   • These albums are not publicly visible, but instead are only visible to administrators and the user that created the draft album
   • Possibly implement ACL groups, such that all users in the group can access the albums of other members of that same group
   • OAuth2 currently determines the access rights of a user, this would implement a second scope managment system purely for, do we want that?
2. Allow users with the appropriate permissions to create draft albums and upload media to it.
3. Profit

@Riscky What is your opinion on my proposed plan?

[SilasPeters]

Thanks @TobiasDeBruijn for adding this to github!

I would just like to add that perhaps its even worth it to permanently trust some users with access to create a draft album any time they want, so that this requires less communication with the board. This seperates the content creation and content management done by the board.

[TobiasDeBruijn]

That was my idea yes. The permission would be granted until manually revoked by an admin user.

[Riscky]

@Riscky What is your opinion on my proposed plan?

I think the approach looks good. I would keep it simple and not bother with ACL groups (at least for now).

OAuth2 currently determines the access rights of a user, this would implement a second scope management system purely for chroma, do we want that?

Preferably not of course. There is a long standing idea (although I can't find an issue) to expose the committees in Koala via OAuth, so applications like Chroma can grant certain permissions to certain groups. I haven't played about with OAuth in a while, but I don't think this should be too hard to implement.

[TobiasDeBruijn]

I think the approach looks good. I would keep it simple and not bother with ACL groups (at least for now).

Fair, I'll leave that to the future.

Preferably not of course. There is a long standing idea (although I can't find an issue) to expose the committees in Koala via >OAuth, so applications like Chroma can grant certain permissions to certain groups. I haven't played about with OAuth in a while, >but I don't think this should be too hard to implement.

If someone would implement that, I'd love to use it for Chroma. However, I'm not well versed in Ruby or Koala. I think I'll implement it in Chroma itself currently, though with the note that when Koala exposes this information, we should switch the implementation over.