Access Control Inheritance

If each Zenfolio object had to have its own access control settings, it would be a daunting task for a photographer to set access control for each photo and gallery individually. To help photographers in managing access control, objects can inherit their access control settings from parent objects.

All objects allowed to have access control settings are organized into a hierarchical structure. At the top of the hierarchy is the user's root photoset group that contains other photoset groups, galleries and collections. Galleries contain individual photographs. Any object except the user's root photoset group can be set to inherit its access control settings from a parent object.

All objects allowed to have access control settings can either inherit them from a parent object or can have them set directly without any inheritance.

When an object is set to inherit its access control, all its access control settings, including the access type, access mask, the list of viewers, and the password, are provided by the parent object. Inheritance works across multiple levels of hierarchy. For example, if a photo is set to inherit its access control from a gallery, and the gallery is set to inherit its access control from a parent photoset group, the ultimate access control settings of the photo will be the same as those of the group.

Effective access control settings are based on the current object parent. For example, when a photo from a private gallery is set to inherit its access control, it is effectively private. When the same photo is moved to a public gallery, the photo becomes effectively public, since it still inherits its access control from its current parent. If access control settings of a parent object change, they are immediately reflected by all children objects that inherit access control from this object.

Note that collections are not considered parents of the photos they contain, therefore, collection membership has no effect on how access control is evaluated for the individual photos. Photos inherit their access control only from the gallery they belong to. Since each photo can belong to one and only one gallery, there is no ambiguity.

When a new object is created, it is by default set to inherit its access control from the parent object. To assign access control settings directly to the object, invoke one of the UpdatePhotoAccess, UpdatePhotoSetAccess, or UpdateGroupAccess methods and pass it an instance of the AccessUpdater object with the desired access control settings and IsDerived flag set to false. To reset the object to inherit its access control from the parent object, invoke the corresponding access update method and pass it an AccessUpdater with IsDerived flag set to true.

Index