Photo gallery with granular access control
Project description
Introduction
myks-gallery is a simple photo gallery with granular access control.
It powers my humble photo gallery, allowing me to:
access my entire photo collection privately,
share some albums with family or friends,
make some albums public.
Use case
Rather than use a photo manager, I just create a new directory for each event and put my photos inside. I include the date of the event in the name of the directory and I rename photos based on their date and time. Then I regularly synchronize my collection to a remote storage. I serve my gallery from there.
If you have a similar workflow, you may find myks-gallery useful.
Whenever I upload new photos, I re-scan the collection with django-admin scanphotos or with the button in the admin. myks-gallery detects new albums and photos. Then I define users, groups and access policies in the admin.
Album access policies control the visibility of albums. Most often, you’ll enable the “photos inherit album access policy” option. If you need more control, for instance to share only a subset of an album, you can disable this option and use photo access policies. You still need to define an album access policy and it should be a superset of the photo access policies.
Obviously, requiring usernames and passwords doesn’t work well for sharing photos with relatives. You might want to use django-sesame.
Setup
myks-gallery is a pluggable Django application. It requires:
Django ≥ 3.2 (LTS)
Python ≥ 3.6
Architecture
myks-gallery requires two storage areas:
The first one contains the original photos. It’s a read-only reference. You can upload photos with aws s3 sync, gsutil rsync, etc.
The second one contains resized versions and ZIP archives of album exports. It’s a cache. You can set up expiry policies and clear it without affecting the gallery, aside from the cost of rescaling images again.
myks-gallery accesses them through Django’s file storage API, meaning that you can use any storage for which a Django storage backend exists. You should use a third-party storage backend if you’re storing files in a cloud service.
Installation guide
This application isn’t exactly plug’n’play. There are many moving pieces. Here’s the general process for integrating myks-gallery into an existing website:
Download and install the package from PyPI:
$ pip install myks-gallery Pillow
Add gallery.apps.GalleryConfig to INSTALLED_APPS:
INSTALLED_APPS += ['gallery.apps.GalleryConfig']
Configure the settings — see below for the list.
Add the application to your URLconf with the gallery application namespace:
urlpatterns += [ path('gallery/', include('gallery.urls', namespace='gallery')), ]
Create a suitable base.html template. It must provide three blocks: title, extrahead, content, as shown in this example.
Scan your photos with the “Scan photos” button in the admin or the scanphotos management command and define access policies.
The source contains a sample application in the example directory. It can help you see how everything fits together. See below for how to run it.
Access control
myks-gallery provides two levels of access control: by album and by photo.
By default, albums and photos aren’t visible by anyone, except users with the “Can see all photos” permission, including superusers who have it implicitly.
To make them visible, you must define an access policy. You have two options: public access or access restricted to select users or groups.
Access policies for albums are configured explicitly in the admin.
In most cases, you will enable the “Photos inherit album access policy” option, so that the access policy also applies to all photos in the album.
Access policies for photos may also be configured for granular control.
For example, if you want to publish just a few photos in an album, make these photos public, make the album public, but don’t enable “Photos inherit album access policy”. Other photos in the album won’t be visible.
Another example, if you want to share an album privately except for a few photos, set an empty access policy on these photos (e.g. by adding then removing yourself), then allow some groups or users to view the album.
Permissions
myks-gallery defines two permissions for django.contrib.auth:
“Can scan the photos directory” allows using the “Scan photos” button in the admin.
“Can see all photos” allows seeing all albums and all photos regardless of access policies.
Settings
GALLERY_PHOTO_STORAGE
Default: not defined
Dotted Python path to the Django storage class for the original photos. It must be readable by the application server but should not be writable.
While GALLERY_PHOTO_STORAGE behaves like Django’s DEFAULT_FILE_STORAGE setting, you’ll usullay point it to a factory function that initializes and returns a Django storage instance because you won’t want to use globally configured values for settings such as the S3 bucket name.
GALLERY_CACHE_STORAGE
Default: not defined
Dotted Python path to the Django storage class for resized versions and album archives. It must be readable and writable by the application server.
It behaves like GALLERY_PHOTO_STORAGE.
GALLERY_PATTERNS
Default: ()
Tuple of (category name, regular expression) defining how to extract album information — category, date, name — from the paths of photo files.
The regular expressions match paths relative to the root of the photo storage. They contain the following captures:
a_name: album name (mandatory) — to capture several bits, use a_name1, a_name2, etc.
a_year, a_month, a_day: album date (mandatory)
p_year, p_month, p_day, p_hour, p_minute, p_second: photo date and time (optional)
Here’s an example, for photos stored with names such as 2013/01_19_Snow in Paris/2013-01-19_19-12-43.jpg:
GALLERY_PATTERNS = ( ('Photos', r'(?P<a_year>\d{4})/(?P<a_month>\d{2})_(?P<a_day>\d{2})_' r'(?P<a_name>[^_/]+)/' r'(?P<p_year>\d{4})-(?P<p_month>\d{2})-(?P<p_day>\d{2})_' r'(?P<p_hour>\d{2})-(?P<p_minute>\d{2})-(?P<p_second>\d{2})\.jpg'), )
GALLERY_IGNORES
Default: ()
Tuple of regular expressions matching paths within GALLERY_PHOTO_STORAGE. Files matching one of these expressions will be ignored when scanning photos.
GALLERY_RESIZE
Default: gallery.resizers.pillow.resize
Dotted Python path to the callable providing resizing functionality.
resize(photo, width, height, crop=True) receives an instance of the Photo model and returns a URL for the resized version. The original image is found at photo.image_name in the photo storage.
The default implementation depends on Pillow.
GALLERY_RESIZE_PRESETS
Default: {}
Dictionary mapping resizing presets to (width, height, crop) tuples. If crop is True, the photo will be cropped and the thumbnail will have exactly the requested size. If crop is False, the thumbnail will be smaller than the requested size in one dimension to preserve the photo’s aspect ratio.
The default templates assume the following values:
GALLERY_RESIZE_PRESETS = { 'thumb': (128, 128, True), 'standard': (768, 768, False), }
You may double these sizes for better results on high DPI displays.
The admin expects a 'thumb' preset.
GALLERY_RESIZE_OPTIONS
Default: {}
Dictionary mapping image formats names to dictionaries of options for Pillow’s save method. Pillow’s documentation describes options for each file format.
The following a reasonable value for high-quality thumbnails and previews:
GALLERY_RESIZE_OPTIONS = { 'JPEG': {'quality': 90, 'optimize': True}, }
The default resizer honors this setting. Other resizers may ignore it.
GALLERY_TITLE
Default: "Gallery"
Title of your photo gallery. This is only used by the default templates of the index and year views.
GALLERY_PREVIEW_COUNT
Default: 5
Number of thumbnails shown in the preview of each album.
Running the sample application
Make sure Django and Pillow are installed.
Create directories for storing photos and thumbnails:
$ cd example $ mkdir media $ mkdir media/cache $ mkdir media/photos
Create an album directory, whose name must contain a date, and download images. Wikipedia’s featured pictures are a good choice:
$ mkdir "media/photos/2023_01_01_Featured Pictures" # ... download pictures to this directory...
Run the development server:
$ ./manage.py migrate $ ./manage.py createsuperuser $ ./manage.py runserver
Go to http://localhost:8000/admin/gallery/album/ and log in. Click the “Scan photos” link at the top right, and the “Scan photos” button on the next page. You should see the following messages:
Scanning path/to/myks-gallery/example/media/photos
Adding album 2023_01_01_Featured Pictures (Photos) as Featured Pictures
Done (0.01s)
Go to http://localhost:8000/ and enjoy!
Since you’re logged in as an admin user, you can view albums and photos even though you haven’t defined any access policies yet.
Changelog
1.0
Under development
0.9
This version makes it possible to customize image resizing, for example to integrate an external service, with the GALLERY_RESIZE setting. Review gallery.resizers.thumbor.resize for an example.
Several features designed for storing files in the filesystem are removed:
The --resize option of django-admin scanphotos is removed.
Expiration of album archives with the GALLERY_ARCHIVE_EXPIRY setting is removed. Configure lifecycle for the export folder on the cloud storage service instead.
Fallback to the GALLERY_PHOTO_DIR and GALLERY_CACHE_DIR settings, deprecated in version 0.5, is removed.
Support for serving files privately from the local filesystem is removed, including the GALLERY_SENDFILE_HEADER and GALLERY_SENDFILE_PREFIX settings.
It includes smaller changes too.
Updated for Django 4.0.
0.8
Changed photo access policies to always override album access policies, even when “Photos inherit album access policy” is enabled. This makes it possible to restrict access with photo access policies, rather than just extend it.
Updated for Django 3.0.
0.7
Updated for Django 2.0.
0.6
Added migrations for compatibility with Django 1.9.
To upgrade an existing project, run: django-admin migrate --fake-initial.
0.5
This version uses the Django file storage API for all operations on files, making it possible to use services such as Amazon S3 or Google Cloud Storage for storing photos and thumbnails. It introduces the GALLERY_PHOTO_STORAGE and GALLERY_CACHE_STORAGE settings. They supersede GALLERY_PHOTO_DIR and GALLERY_CACHE_DIR.
When upgrading to 0.5 or later, you should clear the cache directory. Previously cached thumbnails and exports won’t be used by this version.
It includes smaller changes too.
Switched ordering of albums to always show the most recent albums first.
Allowed customizing the number of photos in album previews.
Preserved original order of photos in album previews.
Added pagination on album preview pages.
Changed the hashing schema. This invalides the cache. You should clear it.
Fixed collision between zip archives containing photos with the same name.
0.4
Provided exports of albums as zip archives.
Fixed preview of photos affected by batch access policy changes.
0.3
Support for Python 3 and Django 1.6.
Hid public albums by default for logged-in users.
Switched the default styles to a responsive design.
Added an option to scanphotos to precompute thumbnails.
Added an option to scanphotos to resynchronize photo dates.
Fixed bugs in photo dates.
0.2
Made most settings optional for easier deployment.
Made “sendfile” optional and used streaming responses as a fallback.
Worked around a crash in libjpeg when creating large JPEG previews.
Added many tests.
0.1
Initial public release, with the history from my private repository.
Added documentation (README file).
Added a sample application.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file myks_gallery-0.9.1.tar.gz
.
File metadata
- Download URL: myks_gallery-0.9.1.tar.gz
- Upload date:
- Size: 35.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.8 Darwin/22.1.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0b49fb3ae85d4b319d256d5119bfdc10db67ddfac1dc9cac190c05fb8b812fac |
|
MD5 | 87bcbc2b3d450bfd03dc0bcd3d2b9556 |
|
BLAKE2b-256 | f439c0e5f112f05335e920d86a21aa80b28cab772c4aee4f6d16b3df8d757cdf |
File details
Details for the file myks_gallery-0.9.1-py3-none-any.whl
.
File metadata
- Download URL: myks_gallery-0.9.1-py3-none-any.whl
- Upload date:
- Size: 39.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.8 Darwin/22.1.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | b9446461dc42ef3b974ccd743aecec7ea2651c0a77bb64b4a4c8da3afc2921fd |
|
MD5 | 18a3fd4f5d22de656edd19b160634c81 |
|
BLAKE2b-256 | 8481de8ee8792eabc9f166dcd8ccdffc9d4b685f8bb7ca78618d967f565d06e1 |