This was originally part of my last post, but it got off-topic so I thought I'd begin another post. Heh.
I'm hoping that it's going to be possible to have accounts which don't have associated galleries. For example, I would want to give some of my friends accounts on my installation so that they can view my pictures, but that doesn't mean they should also get their own galleries alongside that account.
LJ's ’policy’ has always been that it doesn't matter that all accounts have journals because the empty journals attached to accounts used for reading don't do any harm, but on a private FotoBilder installation it'd be considerably more annoying to have fifteen blank galleries just so fifteen of my friends can see pictures. I'd like to be able to configure the UI so that the “Create Account” page can be set to allow the creation of both gallery and read-only accounts, or each of those separately, or no accounts at all. It'd also be nice if certain accounts were able to create different kinds of accounts despite the site-wide settings.
Example of this: photos.fitzpat.com has the site-wide setting set to not allow the creation of any accounts, but the ‘brad’ account has access to create both full accounts and read-only accounts, which Brad Fitzpatrick can use to create full accounts called ‘cole’, ‘kelly’, ‘ryan’ and ‘sandy’. Each of these accounts can be set by Brad so that they can create read-only accounts, and then Cole can make read-only accounts for his friends Tim, Waldo, Fred and Joe so that they can view the special pictures he took at some social gathering.
This is starting to look a lot like LJ's privs system. In this example, Brad would have the ‘admin’ priv which allows him to bestow other privs just like on LJ, and the ‘createaccount’ priv with the arg set to ‘all’ so that he can create all kinds of accounts (which at the moment is only two, but more might be needed later for some reason). Cole (and all of the other family members) would only have the ‘createaccount’ priv with the arg set to ’readonly’, and no ‘admin’ priv at all because Cole isn't allowed to give his friends access to create new accounts. (or, maybe he's only allowed to give access to his friends to create read-only accounts, priv ’admin’ arg ’createaccount:readonly’.)
This behavior is already how the LJ priv system works, so can we just pull that over wholesale, including the management interface? I can see privs being useful for other things down the line, and site-local privs will probably be useful on PicPix.com when it gets so popular that it becomes time to enslave overly-generous geeks again. ;)