Understanding security levels

Protecting directories and pictures under phpGraphy is made using security level, it’s important to understand how it’s working to not deny access to pictures you want to be available from everyone, the other case (allowing access to unauthorized pictures is less likely to happen, you’ll see why soon).

First, please note that levels are starting from zero (simple non loggued visitors) and go up to 999 (administrator). This mean that you can have up to 998 differents levels which should hopefuly be enough for everyone.

It may sound evident for most of you but in case, the bigger level you’ve, the most pictures/directories you’ll be able to see. As said before, admin functions are only available if the user level is equal to 999.

Ok, so now that I’ve introduced the levels, there is another important thing to understand, the notion of “inheritance”.Basically, when accessing a picture or a directory, phpGraphy check both “real” and “inherited” security level and keep the highest one. The inherited one is found by checking the level in all the tree hierarchy below the current picture/directory.

Here is a real life example:

pictures_dir/          <- Level 0 - Inherited Level: 0
+- public_dir_a/       <- Level 0 - Inherited Level: 0 (becaused root_dir level is also 0)
|  |
|  +-public_dir_b/     <- Level 0 - Inherited Level: 0 (becaused 'root_dir' AND 'public_dir_a' level is also 0)
|  +-private_dir_a/    <- Level 10 - Inherited Level: 10 (becaused 'root_dir' AND 'public_dir_a' level are both 0,
|     |                                                    it's heritate from it's own level which is the highest found)
|     `-private_dir_b/ <- Level 0 - Inherited Level: 10 (because 'private_dir_a' level is 10, no need to worry
|                                                        to get access to this directory, user will need to have level 10)
`- private_dir_c/      <- Level 10 - Inherited Level: 10 (same case as 'private_dir_a')
   +-public_dir_d/     <- Level 0 - Inherited Level: 10 (Do not do this, this not a public directory as its inherited level
   |                                                     is 10, user will also need to have level 10 to read it)
   `-private_dir_d/    <- Level 20 - Inherited Level: 20 (Because level 20 is the highest found in the directory tree,
     |                                                    all directories behind this one will inherite this level of 20)
     `private_dir_e/   <- Level 0 - Inherited Level: 20