@Isabelle: I can't confirm the issues 1-3 you are describing. Which version of Tidypics are you using for testing on Elgg 1.9? Is it 1.9.1beta13? The $vars["url"] deprecated issue can definitely not be caused by Tidypics, because it's not used within the code of Tidypics anymore anywhere. Do you have any other 3rd party plugins enabled? Other plugins might result in the issues you are describing if they are interferring with the views and pages of the Tidypics plugins. Please try again with no other 3rd party plugins enabled. Does the same problem happen again.
Issue 4: the popup will only show the albums of the logged in user - no exception for admins. I don't think it would make sense to display all albums of the site for admins because the dropdown menu might contain a very high number of albums then without any chance of seeing who is the album owner. If you want to add images to an album of another user please go this the page of this album and use "Upload photos to this album".
Any feedback regarding the upgrade script - if you are indeed testing beta13 on Elgg 1.9 and have already existing Tidypics content on this test installation?
@iionly : sorry for the wrong reporting on error 1. I was just going to post that, before you made this post.
I am using https://github.com/iionly/Elgg_1.9_tidypics version number 2014040201.
I haven't tested it on an upgrade installation. I dont have any big installation of 1.8 at the moment.
#2: images of a certain user page is called either by http://site.url/photos/siteimagesowner or http://site.url/photos/siteimagesowner/<user_guid>
If there's a user guid in the url (in case you want to see the images of this other user), the guid is retrieved in the pagehandler function in start.php:
if (isset($page[1])) {
set_input('guid', $page[1]);
}
Then in siteimagesowner.php:
$owner_guid = get_input('guid');
$owner = get_entity($owner_guid);
if(!$owner || !(elgg_instanceof($owner, 'user'))) {
$owner = elgg_get_logged_in_user_entity();
$filter = elgg_view('filter_override/siteimages', array('selected' => 'mine'));
} else {
$filter = '';
}
Here the user's guid is retrieved. If there's no guid in input or it isn't a valid user guid the owner (page viewer) is assumed to be the currently logged in user in session. The page has indeed no "owner" retrieved by elgg_get_pageowner* or set by elgg_set_pageowner*.
Not easy - I'm not able to tell you what you would have to modify to get the uploading of images to friends working without some detailed code review - and I don't have the time to do that currently. Sorry.
But it should be possible for sure. For example, the container_guid/entity is used to verify if a user is allowed to upload images to an album. The container entity of an album is either a user or group. You would need to modify this check to add also a check for friend relationships to allow for other users to add images to an album. But you would need to change more: "Upload photos to this album" button show up also for friends, "Upload photos" (album selection) to also show up friends's albums and you would also need to grand writing permissions for the album entities in the actions, modify the edit pages for images and albums. And I think there might also be other things to change that I miss right now...
The admin user access level permissions is not something you can rely on here. Elgg core already allows an admin user to have read/write access to everything. A corresponding access level handling is not implemented for friends in core. The handling of content within groups is also slightly different. On the one hand, there are some additional restrictions possible (like no access for non-group members) but it also makes collaborative access handling easier to implement for group members.
What I missed to mention is the existence of the permission plugin hooks available in Elgg core (this mechanism is also used in Tidypics for handling access / upload sharing on group albums). Adding an appropriate callback function to allow write access to albums for friends of a user might make the implementation slightly easier. Still, you would need to modify the views also for the upload buttons to show up for friends and maybe still modify other things.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.