Skip to main content

Photo gallery with granular access control

Project description

Introduction

myks-gallery is a simple photo gallery with granular access control.

It powers my humble photo gallery, allowing me to:

  • access my entire photo collection privately,

  • share some albums with family or friends,

  • make some albums public.

Use case

Rather than use a photo manager, I just create a new directory for each event and put my photos inside. I include the date of the event in the name of the directory and I rename photos based on their date and time. Then I regularly synchronize my collection to a remote storage. I serve my gallery from there.

If you have a similar workflow, you may find myks-gallery useful.

Whenever I upload new photos, I re-scan the collection with django-admin scanphotos or with the button in the admin. myks-gallery detects new albums and photos. Then I define users, groups and access policies in the admin.

Album access policies control the visibility of albums. Most often, you’ll enable the “photos inherit album access policy” option. If you need more control, for instance to share only a subset of an album, you can disable this option and use photo access policies. You still need to define an album access policy and it should be a superset of the photo access policies.

Obviously, requiring usernames and passwords doesn’t work well for sharing photos with relatives. You might want to use django-sesame.

Setup

myks-gallery is a pluggable Django application. It requires:

  • Django ≥ 2.2 (LTS)

  • Python ≥ 3.6

Architecture

myks-gallery requires two storage areas:

  • The first one contains the original photos. It’s a read-only reference. You can upload photos there with aws s3 sync, gsutil rsync, rsync, etc. depending on the platform.

  • The second one contains downscaled photos and ZIP archives of album exports. It’s a cache. You can set up expiry policies and clear it without affecting the gallery, aside from the cost of rescaling images again.

myks-gallery accesses them through Django’s file storage API, meaning that you can use any storage for which a Django storage backend exists. You should use a third-party storage backend if you’re storing files in a cloud service and Djang’s built-in FileSystemStorage if you’re storing them locally on the filesystem, typically for local development.

Installation guide

This application isn’t exactly plug’n’play. There are many moving pieces. Here’s the general process for integrating myks-gallery into an existing website:

  1. Download and install the package from PyPI:

    $ pip install myks-gallery
  2. Add gallery.apps.GalleryConfig to INSTALLED_APPS:

    INSTALLED_APPS += ['gallery.apps.GalleryConfig']
  3. Configure the settings — see below for the list.

  4. Add the application to your URLconf with the gallery application namespace:

    urlpatterns += [
        path('gallery/', include('gallery.urls', namespace='gallery')),
    ]
  5. Create a suitable base.html template. It must provide three blocks: title, extrahead, content, as shown in this example.

  6. Optionally, if you’re serving files from the local filesystem, enable X-accel (nginx) or mod_xsendfile (Apache) for your photo and cache directories.

  7. Scan your photos with the “Scan photos” button in the admin or the scanphotos management command and define access policies.

The source contains a sample application in the example directory. It can help you see how everything fits together. See below for how to run it.

Access control

myks-gallery provides two levels of access control: by album and by photo.

By default, albums and photos aren’t visible by anyone, except users with the “Can see all photos” permission, including superusers who have it implicitly.

To make them visible, you must define an access policy. You have two options: public access or access restricted to select users or groups.

Access policies for albums are configured explicitly in the admin.

In most cases, you will enable the “Photos inherit album access policy” option, so that the access policy also applies to all photos in the album.

Access policies for photos may also be configured for granular control.

For example, if you want to publish just a few photos in an album, make these photos public, make the album public, but don’t enable “Photos inherit album access policy”. Other photos in the album won’t be visible.

Another example, if you want to share an album privately except for a few photos, set an empty access policy on these photos (e.g. by adding then removing yourself), then allow some groups or users to view the album.

Permissions

myks-gallery defines two permissions for django.contrib.auth:

  • “Can scan the photos directory” allows using the “Scan photos” button in the admin.

  • “Can see all photos” allows seeing all albums and all photos regardless of access policies.

Settings

Running the sample application

  1. Make sure Django and Pillow are installed

  2. Download some pictures (warning: these files are large, total = 50MB; you can use photos of your own instead as long as you respect the format of the directory name: YYYY_MM_DD_album name):

    $ cd example
    $ mkdir cache
    $ mkdir photos
    $ mkdir "photos/2013_01_01_Featured Pictures"
    $ cd "photos/2013_01_01_Featured Pictures"
    $ wget http://upload.wikimedia.org/wikipedia/commons/5/51/2012-11-23_16-05-52-grande-cascade-tendon.jpg
    $ wget http://upload.wikimedia.org/wikipedia/commons/5/56/Crooked_Beak_of_Heaven_Mask.jpg
    $ wget http://upload.wikimedia.org/wikipedia/commons/a/a4/Iglesia_de_Nuestra_Se%C3%B1ora_de_La_Blanca%2C_Cardej%C3%B3n%2C_Espa%C3%B1a%2C_2012-09-01%2C_DD_02.   JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/1/17/Iglesia_del_Esp%C3%ADritu_Santo%2C_Landshut%2C_Alemania%2C_2012-05-27%2C_DD_02.JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/3/33/Viru_Bog%2C_Parque_Nacional_Lahemaa%2C_Estonia%2C_2012-08-12%2C_DD_60.JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/d/d7/Castillo_Trausnitz%2C_Landshut%2C_Alemania%2C_2012-05-27%2C_DD_18.JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/b/b7/Catedral_de_Alejandro_Nevsky%2C_Tallin%2C_Estonia%2C_2012-08-11%2C_DD_46.JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/3/3f/Crassula_arborescens%2C_Jard%C3%ADn_Bot%C3%A1nico%2C_M%C3%BAnich%2C_Alemania_2012-04-21%2C_DD_01.JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/8/86/Plaza_del_ayuntamiento%2C_Set%C3%BAbal%2C_Portugal%2C_2012-08-17%2C_DD_01.JPG
    $ wget http://upload.wikimedia.org/wikipedia/commons/7/71/4_cilindros_y_museo_BMW%2C_M%C3%BAnich%2C_Alemania_2012-04-28%2C_DD_02.JPG
    $ cd ../..
  3. Run the development server:

    $ ./manage.py migrate
    $ ./manage.py createsuperuser
    $ ./manage.py runserver
  4. Go to http://localhost:8000/admin/gallery/album/ and log in. Click the “Scan photos” link at the top right, and the “Scan photos” button on the next page. You should see the following messages:

    • Scanning path/to/myks-gallery/example/photos

    • Adding album 2013_01_01_Featured Pictures (Photos) as Featured Pictures

    • Done (0.01s)

    Go to http://localhost:8000/ and enjoy!

    Since you’re logged in as an admin user, you can view albums and photos even though you haven’t defined any access policies yet.

Changelog

0.9

Under development

0.8

  • Changed photo access policies to always override album access policies, even when “Photos inherit album access policy” is enabled. This makes it possible to restrict access with photo access policies, rather than just extend it.

  • Updated for Django 3.0.

0.7

  • Updated for Django 2.0.

0.6

  • Added migrations for compatibility with Django 1.9.

To upgrade an existing project, run: django-admin migrate --fake-initial.

0.5

This version uses the Django file storage API for all operations on files, making it possible to use services such as Amazon S3 or Google Cloud Storage for storing photos and thumbnails. It introduces the GALLERY_PHOTO_STORAGE and GALLERY_CACHE_STORAGE settings. They supersede GALLERY_PHOTO_DIR and GALLERY_CACHE_DIR.

When upgrading to 0.5 or later, you should clear the cache directory. Previously cached thumbnails and exports won’t be used by this version.

It also include some smaller changes.

  • Switched ordering of albums to always show the most recent albums first.

  • Allowed customizing the number of photos in album previews.

  • Preserved original order of photos in album previews.

  • Added pagination on album preview pages.

  • Changed the hashing schema. This invalides the cache. You should clear it.

  • Fixed collision between zip archives containing photos with the same name.

0.4

  • Provided exports of albums as zip archives.

  • Fixed preview of photos affected by batch access policy changes.

0.3

  • Support for Python 3 and Django 1.6.

  • Hid public albums by default for logged-in users.

  • Switched the default styles to a responsive design.

  • Added an option to scanphotos to precompute thumbnails.

  • Added an option to scanphotos to resynchronize photo dates.

  • Fixed bugs in photo dates.

0.2

  • Made most settings optional for easier deployment.

  • Made “sendfile” optional and used streaming responses as a fallback.

  • Worked around a crash in libjpeg when creating large JPEG previews.

  • Added many tests.

0.1

  • Initial public release, with the history from my private repository.

  • Added documentation (README file).

  • Added a sample application.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

myks-gallery-0.8.tar.gz (37.8 kB view details)

Uploaded Source

Built Distribution

myks_gallery-0.8-py3-none-any.whl (41.0 kB view details)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page