
Since version 5, PicApport has built-in user management.

General

User

To remain compatible with previous versions, PicApport is configured by default to log on automatically with the user account PicApport.
If the password for this account (UserId=PicApport, password=picapport) is changed, or the account is deleted or disabled, each user must log on to the server with a user ID and password.

By default, the user account data is stored in the directory ./picapport/users. If this directory does not exist when PicApport starts, it is created automatically with the following default settings:

| User-ID | Name | Password | Member of group |
| --- | --- | --- | --- |
| admin | System administrator | admin | System administration |
| picapport | PicApport | picapport | Family |
| guest | Guest | guest | Guests |

Remarks on admin:

We strongly recommend that you change the admin password after the initial installation.
Upon delivery, only the admin user is authorised to allow additional users.

To log in as an administrator, go to the main page of PicApport, click the "hamburger menu" at the top and select logoff. Now you can log in with the admin account and manage users and permissions.

Remarks on picapport:

Before version 5, PicApport had no user management. For private networks this is simply more convenient. To keep this convenience in newer versions, we deliver PicApport with a standard user PicApport. If you access the PicApport server with a browser, the user PicApport is logged in automatically if the following applies:

  • A user account PicApport with password picapport exists and is active

Remarks on guest:

This is our proposal for a guest account with limited privileges.


Groups

All permissions a user has in PicApport are granted through group membership. The following rules apply:

  • A user is always a member of at least one group
  • A user can be a member of multiple groups. The user then receives the sum of all permissions of all groups (union)

By default, the group account data is stored in the directory ./picapport/users. If this directory does not exist when PicApport starts, it is created automatically with the following default settings:


| Group-ID | Name |
| --- | --- |
| admins | System administration |
| family | Family |
| guests | Guests |

Remarks on admins: upon delivery, members of this group have the following permissions:
  • All permissions

Remarks on family: upon delivery, members of this group have the following permissions:
  • All permissions except:
    • Permission to create, update or delete a user
    • Permission to add a user to own user-group(s)
    • Permission to create, update or delete a user-group
    • Permission to set geolocations (geotagging).
    • Permission to edit photo metadata. (Title, description, date, etc.)

Remarks on guests: upon delivery, members of this group have the following permissions:
  • Permission for full-text searches (Visibility: global search)
  • Permission to set search options (Visibility: search options)
  • Permission to view 'dynamic collections' (Visibility: 'dynamic collections')


Permissions

Permission group Administration

| ID of permission | Since | Description |
| --- | --- | --- |
| pap:admin:user | | Permission to create, update or delete a user |
| pap:admin:user:local | | Permission to add a user to own user-group(s) |
| pap:admin:group | | Permission to create, update or delete a user-group |
| pap:admin:changeownpassword | | Permission to change own password |
| pap:admin:assignipadress | | Permission to assign an IP address to own account |
| pap:admin:shares | 6.2 | Permission to manage shared photos (links) |
| pap:admin:useroptions | 6.2 | Permission to set user options by entering commands in the search field. See: User Options |
| pap:admin:server | 7.6 | Permission for server administration via the Web GUI. |

Permission group photo access

| ID of permission | Since | Description |
| --- | --- | --- |
| pap:access:uploads | | Permission to upload files |
| pap:access:ownuploadsvisible | | Photos uploaded by a user are always visible to that user, independent of filter settings. |
| pap:access:downloads | | Permission to download files (photos in original size) |
| pap:access:metadata | | Permission to view photo metadata |
| pap:access:share | 6.2 | Permission to share photos (create link) |
| pap:access:removephotos | 7.6 | Permission to remove photos. |

Permission group program functions

| ID of permission | Since | Description |
| --- | --- | --- |
| pap:feature:search | | Permission for full-text searches (Visibility: global search) |
| pap:feature:options | | Permission to set search options (Visibility: search options) |
| pap:feature:dyncol:view | | Permission to view 'dynamic collections' (Visibility: 'dynamic collections') |
| pap:feature:dyncol:edit:glob | | Create, update or delete global 'dynamic collections' |
| pap:feature:dyncol:edit:group | | Create, update or delete 'dynamic collections' for own user-groups |
| pap:feature:dyncol:edit:user | | Create, update or delete 'dynamic collections' for own user account |
| pap:feature:offcol | | Permission to create 'local collections' |
| pap:feature:dirbrowser | | Permission to start the directory browser. (Visibility: directories/folder) |
| pap:feature:msg:newfotos | | Info about new photos. If set, the user is notified on the landing page when new photos are available. |
| pap:feature:msg:queryresult | | If set, the query and the number of photos found are displayed in the thumbnail view. |
| pap:feature:map | 5.3 | Permission to use the integrated map module. |
| pap:feature:mapedit | 7.6 | Permission to edit markers on map. |
| pap:feature:designs:select | 6.0.3 | Permission to select a design. |
| pap:feature:designs:changedefault | 6.0.3 | Permission to set the default design. |
| pap:feature:thumbs:canselect | 6.0.3 | Permission to select photos in the thumbnail view. (Planned for Version 7) |
| pap:feature:sharescreen:send | 7.2.0 | Permission to share own screen. |
| pap:feature:sharescreen:receive | 7.2.0 | Permission to access remote screen. |
| pap:feature:sharescreen:autorecieve | 7.2.0 | Permission to access remote screen automatically during slideshow (e.g. for picture frame). |

Permission group edit metadata

| ID of permission | Since | Description |
| --- | --- | --- |
| pap:editmeta:mytags:like | 7.0 | Permission to like a photo. |
| pap:editmeta:mytags:tags | 7.0 | Permission to manage usertags (MyTags). |
| pap:editmeta:geo:location | 7.0 | Permission to set geolocations (geotagging). |
| pap:editmeta:photo | 7.0 | Permission to edit photo metadata. (Title, description, date, etc.) |


Properties

| Key | Default | Type | Since version | Description |
| --- | --- | --- | --- | --- |
| user.encryption.iterations | 1701 | int | V5.0.0 | SHA-512 iterations for password hashes |
| user.password.min | 1 | int | V5.0.0 | Minimum password length |
| user.password.max | 75 | int | V5.0.0 | Maximum password length |
| user.log.access | false | boolean | V5.0.0 | Extended logging on server for user access |



Technical information

XML-Persistence

User-XML

| XML-Path | Attribute | Example value | Description |
| --- | --- | --- | --- |
| userdefinition:user | id | testuser@test.net | Unique ID of a user |
| | name | Max Mustermann | Display name of a user |
| | description | the quick brown fox jumps over the lazy dog | Description |
| | active | true | Flag if user is active |
| | created | 149370075385 | Creation date of account in milliseconds since 1.1.1970 |
| | lastupdate | 149370825561 | Last update of account in milliseconds since 1.1.1970 |
| | lastlogin | 149370325561 | Last login of user in milliseconds since 1.1.1970 |
| userdefinition:user:security:password | hashed-value | x3ASj9ahC93 ... 8IH23XgcP+Dh8 | Password hashed value |
| | unhashed-value | klartextpasswort | Password in clear text. (You can use this to manually set a password.) On startup PicApport automatically creates a hashed-value from this attribute and then removes the unhashed-value. |
| userdefiniton:user:ip-addresses:ip-address | value | 10.66.77.1 | IP address for automatic login |
| userdefinition:user:attributes:attribute | name | street | Attribute-name |
| | value | Mainstreet 2 | Attribute-value |
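
A defender's check over the user XML described above, as an added example (not PicApport's own code): it flags default accounts that are still active, clear-text unhashed-value passwords still on disk, and accounts with automatic login by IP address. The element nesting is inferred from the XML-Path column, the sample document is constructed, and `audit_users` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# Accounts PicApport creates on first start, per the default user table.
DEFAULT_IDS = {"admin", "picapport", "guest"}

# Constructed sample; element nesting is an assumption inferred from the
# XML-Path column (userdefinition:user:security:password, ...).
SAMPLE_USERS_XML = """
<userdefinition>
  <user id="admin" name="System administrator" active="true">
    <security><password hashed-value="CONSTRUCTED-HASH-1"/></security>
  </user>
  <user id="picapport" name="PicApport" active="false">
    <security><password hashed-value="CONSTRUCTED-HASH-2"/></security>
  </user>
  <user id="testuser@test.net" name="Max Mustermann" active="true">
    <security><password unhashed-value="klartextpasswort"/></security>
    <ip-addresses><ip-address value="10.66.77.1"/></ip-addresses>
  </user>
</userdefinition>
"""


def audit_users(xml_text):
    """Return sorted (user_id, finding) pairs for one user XML document."""
    findings = []
    for user in ET.fromstring(xml_text).iter("user"):
        uid = user.get("id", "")
        # A clear-text password on disk matters even for a disabled account.
        pw = user.find("./security/password")
        if pw is not None and pw.get("unhashed-value"):
            findings.append((uid, "clear-text password not yet hashed"))
        # Assumption: a missing 'active' attribute means the account is enabled.
        if user.get("active", "true").strip().lower() != "true":
            continue
        if uid.lower() in DEFAULT_IDS:
            findings.append((uid, "default account still active"))
        ips = [ip.get("value") for ip in user.iterfind("./ip-addresses/ip-address")
               if ip.get("value")]
        if ips:
            findings.append((uid, "automatic login from " + ", ".join(ips)))
    return sorted(findings)


if __name__ == "__main__":
    for uid, finding in audit_users(SAMPLE_USERS_XML):
        print(f"{uid}: {finding}")
```
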


Roles / Groups-XML

| XML-Path | Attribute | Example value | Description |
| --- | --- | --- | --- |
| roledefinition:role | id | guests | Unique ID of this role / group |
| | name | Gäste | Display name of role / group |
| | description | the quick brown fox jumps over the lazy dog | Description |
| | active | true | Flag if group is active |
| roledefinition:role:members:member | id | testuser@test.net | Member of this role / group |
| roledefinition:role:permissions:permission | value | pap:access:downloads | All permissions of this role / group |
| roledefiniton:role:attributes:attribute | name | street | Attribute-name |
| | value | Mainstreet 2 | Attribute-value |


Encryption / hashing

PicApport uses two different cryptographic methods:

  • To store passwords on the server, they are hashed (SHA-512) with a salt and a fixed number of iterations.
  • To transfer passwords from the client to the server, an asymmetric cryptosystem (RSA) is used.

Storing passwords on the server

The number of iterations can be set in the server configuration.

| Algorithm | Salt size | Iterations | Usage |
| --- | --- | --- | --- |
| SHA-512 | 17 bytes | 1701 (can be configured) | Storing passwords on the server |
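
An added sketch, not PicApport's code, of a salted, iterated SHA-512 scheme using the salt size and default iteration count from the table above. How PicApport actually combines salt, password and rounds is not documented on this page, so the construction here is an assumption, and `calibrate_iterations` is a hypothetical helper for picking a value for user.encryption.iterations on a given host.

```python
import hashlib
import hmac
import os
import time

SALT_SIZE = 17      # bytes, from the table above
ITERATIONS = 1701   # default of user.encryption.iterations


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated SHA-512. Assumption: the salt is mixed into every
    round; the page does not document PicApport's exact construction."""
    salt = os.urandom(SALT_SIZE) if salt is None else salt
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha512(salt + digest).digest()
    return salt, digest


def verify_password(password, salt, expected, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def calibrate_iterations(target_ms, probe=ITERATIONS):
    """Scale the round count so one verification takes about target_ms on
    this host; never returns less than the probe value."""
    salt = os.urandom(SALT_SIZE)
    start = time.perf_counter()
    hash_password("calibration", salt, probe)
    elapsed_ms = (time.perf_counter() - start) * 1000
    return max(probe, int(probe * target_ms / max(elapsed_ms, 1e-6)))


if __name__ == "__main__":
    salt, stored = hash_password("correct horse battery staple")
    print("salt bytes:", len(salt), "digest bytes:", len(stored))
    print("verify ok:", verify_password("correct horse battery staple", salt, stored))
    print("rounds for ~100 ms:", calibrate_iterations(100))
```

The cost of each offline guess against a stolen hash grows linearly with the iteration count, which is why the value is worth calibrating rather than leaving at the default.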

Encryption Client-Server-Communication

| Algorithm | Public key size | Usage |
| --- | --- | --- |
| RSA | 1024 bit | Creation of public keys for the web clients to encrypt passwords. |

For each session PicApport will generate a new keypair.