Multi-user support

Are there any plans for enhanced multi-user support? For example, my wife and I would like to use one single installation of PhotoStructure on a server, and have separate albums, etc.

My current thinking for “sharing 1.0” is to try to keep things simple, and only have two or three “flavors” of users: “owners,” “contributors,” and “viewers”.

Library owners

  • have access to all library assets (including hidden assets)
  • can view and edit the library settings page
  • can create albums
  • can hide assets, edit tags, fix created-at times

You’ll be a library owner.

In my case, I want to have my wife be able to make any changes she sees fit to all assets, so she’ll be a “library owner” as well.

Library contributors

  • these users can view assets in specific albums that have been shared via a “contributor” token,
  • comment on albums and assets, and
  • (eventually) add new assets via web upload.

Library viewers

  • these users can view assets in albums via a “viewer” token

(these are read-only users)

Owners Contributors Viewers
View and change library settings :white_check_mark: :no_entry_sign: :no_entry_sign:
View and modify all library assets :white_check_mark: :no_entry_sign: :no_entry_sign:
Add files to albums they have an access token :white_check_mark: :white_check_mark: :no_entry_sign:
Add comments to assets they have an access token for :white_check_mark: :white_check_mark: :no_entry_sign:
View assets they have an access token for :white_check_mark: :white_check_mark: :white_check_mark:

But why only a couple types of users?

If possible, I’d like to keep things as simple as possible, and typical access-control-list authorization chains can be a bear to understand and work with.

Additionally, if possible, I’d like to avoid “username/password” authentication, because this requires users to have a reasonable SMTP setup. I’m hoping that simple token-based access (possibly with 2FA) will be sufficient (you bookmark the URL with the login-as-library-owner token, and you’re done).

1 Like

@Daniel do you think the above will address what you were wanting?

This sounds like a pretty good approach to me!

I’d also like to see support for multiple “libraries”. For example, a library for me (where I’m the owner), a library for my wife (where she’s the owner), and a shared library. This is similar to how we use Google Photos today - We each have our own Google accounts, but we also have shared albums that we can both contribute to.

Does this mean all albums, or only particular albums? One thing I’d like to be able to do is have “public” albums that anyone can access without auth, however I wouldn’t want to give access to my entire library to public users.

I was thinking that each tag would have 0 or more access tokens, and each token has a permission level. Each access token could be used by 1 or more tags.

2 Likes

This feature should probably be merged with Secure sharing of albums and assets

a simple solution to this would be to just spin up another docker instance of photostructure for your wife and map the directories to her directories.

The disadvantage of this approach is that you have to import any given file twice, and keep duplicate preview images and duplicate transcoded videos…

1 Like

Yeah… It’s doable, but we have a lot of shared albums so maybe we’d end up with three instances (one with her photos, one with my photos, and one shared) :stuck_out_tongue: Maybe just having album support will be sufficient for my use case though.

1 Like

Just to add some input here - as a professional photographer, I’d really like to be able to give certain highly trusted clients access to larger photoshoots, where the client can access RAW photos for situations where they need the files urgently, when it is better for all involved that one of the clients in-house creatives makes the conversions from RAW to TIFF/JPEG rather than having to wait for me to do them, in the event that I’m travelling or out on another shoot. In which case it would be great to set up a folder/gallery hierarchy and give the client access to log into a predefined folder structure. Traditionally, this would be handled with a client account with the clients username and password, and limited permissions (typically just browse, search, download files). I’m not sure how, or if, the suggested “access tokens” will allow the clients to do what they need to do in a scenario like this…?

The token itself specifies what tags it’s granting access to. I hadn’t thought of limiting access to only certain resolutions or formats, but that would be doable.

Thanks for the suggestion!

I’m going to work on this next. If you’re interested and wanting to share feedback, here’s my design doc: Sharing design - Google Docs

2 Likes

Just curious if you’ve made any progress on this feature. Keep up the great work!

1 Like

After talking through token-based auth with less technically inclined people, I’ve been convinced that it’s a bit too exotic, and has too many downsides to pursue.

I just updated the doc: I’m going to add email-based auth for PLUS users for this first iteration. PLUS and LITE users will still be free to disable this feature, and use auth built into their current reverse proxy, if they wish.

3 Likes

@mrm Coming back to see how this was going.

Are you happy with the features and is it something you plan to keep pursuing?

I’m looking into photostructure as an alternative to Google Photos after their fiasco of accidentally labeling a man a child abuser and getting the police involved when the man took some photos for telemedicine during covid lockdowns. Even after presenting evidence, witnesses, prescription, and police dropping the case, Google kept his account locked and made excuses how they’re not in the wrong. Dude lost everything. It’s not the first time stuff like this has happened (including to internal Googlers). My brother had his account locked after they had a payment processing error that charged him for the same phone 4 times draining his bank account and when he blocked them from making more transactions they disabled his account and made excuses how it wasn’t their fault…. Until they found he was a googler and was escalating it internally and it became a big problem.

I’ve had enough and I need something that offers multiple users support, login, 2FA, and album/photo sharing. I’m also looking for how to automatically backup images and video from iPhone on something like this. I’d immediately become a PLUS member if we can obtain these functions. What are your thoughts on this? Is this something that is doable?

Welcome to PhotoStructure, @jcfrosty !

Convincing family members to change anything is tough: the best you can do is fetch Google Takeouts so if they have their account closed, the damage is minimized.

Here’s a list of the features I saw you ask for:

multiple users support

This is what this forum post is tracking. Note that this is currently supported by just running multiple instances of PhotoStructure pointed to different library directories. If you use docker-compose it’s quite straightforward: set up each person with their own library and their own port number, and their own “website” will be completely separate from each other. I’ll be building simpler user auth before this feature is tackled, which just has 1 or more “owners” (via username/password/TOTP) and optional “viewers” (via username/password or token).

login, 2FA

I’ve referenced this as “user auth” here and on Discord, and will be built as a prerequisite to this multi-user feature. I’m interested in building out multi-device FIDO support, but that’s a year out before wide support is available, I think.

album/photo sharing

This is also coming after user auth. Vote for it here–feel free to add ideas/feedback as well.

I’m also looking for how to automatically backup images and video from iPhone.

There are a couple solutions external to PhotoStructure that do this well, so I’m not adding this functionality at this time. See this post for details.

1 Like

Hi, new user here. I’m enjoying photostructure so far.

Just chiming in to say, multi-user support with generic OIDC (in a single instance of photostructure) would be a killer feature for me. RBAC on top would be perfect, as I’ve got that managed via OpenLDAP/LAM/Keycloak.