Instance "openness" level

I open this issue following discussion with @Stfmani and recurring demands from services like fire departments.

For now, the Panoramax API & Website are by default "open", meaning everyone can access the content, and eventually upload with an account.

One organization can also have a fully internal/closed instance, on its own private network. As long as no external access is necessary, it works (I would say it's open in a closed network).

For everything in-between, it's more complicated.

  • We have hidden sequences, visible only for the author. But they are considered in code like "hidden not to be seen", so they are ignored in some processes.
  • We could put the instance behind a proxy with Basic auth, but upload is not working with CLI (Stéphane tried, redirects are not passing through user/pass defined in API URL)

So maybe it's time to discuss and start implementing all the fifty shades of openness ?

Real world use cases

🚒 Fire departments 🧑‍🚒

  • They'd like an open instance, where they can share public places pictures (public roads)
  • They'd like in it to have "internal" pictures & sequences, for non-public or sensitive places pictures (industrial grounds, building indoors)
    • These pictures have to be visible when you're registered on the platform (only fire department employees can have an account)
    • They should not in any way leak in public website, nor metacatalog
    • I guess the choice between internal/public sequence should be available at upload and when editing sequences

🗺️ Cartocité (and various bureaux d'études)

  • When they have open pictures, they share it at public instances (like OSMFR or IGN)
  • But they may have pictures that can't be open (like train stations indoors 🚄 ) but may be shared to selected people (like SNCF employees, or partner companies in general). We could assume partners will have an account on the instance.
  • So it's mostly same as fire departments, but where nothing will be open in the instance.

What we could do

The issue might be split into two sub-parts :

  • Is the frontend & API calls available without an account : true allows access for unidentified people (current situation), false means you need an account to see the map or access any data.
  • Sequences & pictures visibility : beyond existing status (preparing, public, hidden), we can add an "internal" status, meaning you need to be registered to see the data. API routes send or not internal data depending on if credentials are sent by the browser/client. The status can be changed at upload or in sequence editing.

Any inputs on this can be interesting @overflorian @cquest @antoine-de @Stfmani 😁

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information