Guests can view images with links

Z471

Core license
License owner
Joined
Feb 11, 2019
Messages
3
Points
53
👉
🎯Description of the issue

I have my sites privacy mode set to "private" and the content privacy mode set to "default". This allows users to view each others photos (good) but it also allows guests to view photos if they have a link (bad).

If I change the default privacy mode to "private self" then users can view each others photos (bad) although neither can guests (good)

I cant work out how to allow users to be the only ones who can view photos on the site.
What have I missed?

▶🚶‍Reproduction steps
  1. Go to Dashboard > Settings > set website privacy mode to private and content privacy mode to default. Now users and guests can view anything
  2. Go to Dashboard > Settings > set website privacy mode to private and content privacy mode to private self. Now users and guests cant view anything
😢Unexpected results

I expected the website privacy mode = private would mean that users that aren't logged in wouldn't be able to see any messages.

📃Error log message

No errors.

Note
I am currently using the free version as I'm trying to work out if it suits my use case. If the feature I'm looking for is only in the paid version that's fine, I just want to make sure that what I want to do (set up a photo hosting site for where only close group of friends can upload and view the photos) is actually possible.

Thanks in advance
 

Rodolfo

Chevereto Developer
Chevereto Staff
Joined
Oct 7, 2008
Messages
16,592
Points
237
Location
Chevereto HQ
Website
rodolfoberrios.com
I think that you are missing the other relevant options that you have available.

Dashboard > Settings > Website > Website privacy: Private
Sets the website into private mode, in which all users needs to login to use the website. If a user doesn't have an account, it won't be able to use the website.

Dashboard > Settings > Website > Explore (guests)
Enable/Disable if guests can browse content under /explore.

Dashboard > Settings > Image upload > Guest uploads
Enable/Disable if guests can upload images.

Dashboard > Settings > Users > Disable signups
Disables user signup (you can manually create users under Dashboard > Users).

In your case, I will just set website private, content default and just disable signups. You will have to manually create the accounts and people later can freely change the password from there.
 

Z471

Core license
License owner
Joined
Feb 11, 2019
Messages
3
Points
53
Checking the settings I have

Dashboard > Settings > Website > Website privacy mode is set to Private
Dashboard > Settings > Website > Explore (guests) is set to Disabled
Dashboard > Settings > Website > Website mode is set to Personal
Dashboard > Settings > Website > Content privacy mode is set to Default

Dashboard > Settings > Image upload > Guest uploads is set to disabled

Dashboard > Settings > Users > Enable signups is set to Disabled

However if I go to one of my pictures e.g. https://****.co.uk/photos/image/QEqDv whilst logged out I can see the photo, exif data as well as navigate to other pictures in the album.

The album privacy is set to public. I assumed given the settings I had chosen that this meant public as in "any registered member".

Is there any other setting that I might be missing?
 

Rodolfo

Chevereto Developer
Chevereto Staff
Joined
Oct 7, 2008
Messages
16,592
Points
237
Location
Chevereto HQ
Website
rodolfoberrios.com
There's some misunderstanding.

Dashboard > Settings > Website > Website privacy mode = Private

Should make the website usable only to registered users (ask login) but the content privacy in Chevereto is set at album level, meaning that combining ^ with:

Dashboard > Settings > Website > Content privacy mode = Default

You get that the album or images are visible, because is the user who sets that content privacy. The user can set album privacy (public, private self, private anyone with the link) freely.

When you force the content privacy, is the same as the user setting that privacy level for their albums.

--

I think that the thing that is wrong here is the "default" content case, because the system should always ask for login, at the demo I'm seeing that behaviour but un local I'm getting some errors. I will take a look at it.
 

Rodolfo

Chevereto Developer
Chevereto Staff
Joined
Oct 7, 2008
Messages
16,592
Points
237
Location
Chevereto HQ
Website
rodolfoberrios.com
I've confirmed a bug here, related to the detection of the routes which should always request login to users. I will patch it in the next revision for both paid and free editions. Please note that the next free update is scheduled for March.

If you want a hacky solution, go to Dashboard > Settings > Routing and make sure to use this:

2192
 

Z471

Core license
License owner
Joined
Feb 11, 2019
Messages
3
Points
53
Cheers works perfectly now.

Not worried about when the next free update is, I was just waiting to be sure this could be fixed before I bought my license (one of my users uploads pictures of his kids and saw that could was starting to cache part of the site)
 
  • Like
Reactions: Rodolfo

Gambalunga

Network license
License owner
Joined
Jul 2, 2017
Messages
45
Points
58
I have the website set to private mode so that only registered users can post images or browse the images posted by other users. I want it so that an image can be seen by anyone with a link or when a link is posted in a forum. This is important to my users as the images stored on my Chevereto site are specifically for posting in a related forum. Please ensure that this capability is not lost.
 

Rodolfo

Chevereto Developer
Chevereto Staff
Joined
Oct 7, 2008
Messages
16,592
Points
237
Location
Chevereto HQ
Website
rodolfoberrios.com
I have the website set to private mode so that only registered users can post images or browse the images posted by other users. I want it so that an image can be seen by anyone with a link or when a link is posted in a forum. This is important to my users as the images stored on my Chevereto site are specifically for posting in a related forum. Please ensure that this capability is not lost.
2196

"Private mode will make the website only available for registered users."

That's summarizes what private mode does and up to now, it was allowing guest to see private content. That must change because you expect that guest won't be allowed to see content at all under private mode. The content should be visible only if the privacy is set to "Anyone with the link".

I'm sorry but I have to change it because it is a bug.