IsPublic always 0 for photos from PhotosetsGetPhotos

Topics: Developer Forum
May 9, 2009 at 4:19 AM

When I load a photoset's photos:

    Photoset photoset = flickr.PhotosetsGetPhotos(photosetId, PhotoSearchExtras.All);

It seems that all of the Photo objects in photoset.PhotoCollection have IsPublic == 0, but if I load them this way:

    PhotoSearchOptions options = new PhotoSearchOptions();
    options.Extras = PhotoSearchExtras.All;
    options.UserId = userId;
    Photos photos = flickr.PhotosSearch(options);

I get Photo objects that have IsPublic == 1, which is the correct value.  What is happening?  I tried:

    PhotoPermissions permissions = flickr.PhotosGetPerms(photoId);
    bool isPublic = permissions.IsPublic;

But it throws "Insufficient permissions. Method requires read privileges; none granted. (99)", which is rather ironic.  This seems to work:

    PhotoInfo photoInfo = flickr.PhotosGetInfo(photoId, secret);
    PhotoInfoVisibility visibility = photoInfo.Visibility;
    bool isPublic = visibility.IsPublic == 1;

Is this what I should be doing?

Coordinator
May 14, 2009 at 1:00 PM

It is quite simple. flickr.photosets.getPhotos does not return any information about whether a photo is public or not (use the API explorer to test this) so the property defaults to its uninitialised value of 0 (as it is an integer value).

And flickr.photos.getPerms requires authentication, as per the API docs, so if you had set flickr.AuthToken then the call would have worked.

However, if you are not using authentication then the API does not know who you are and will therefore only ever return public photos anyway.

May 14, 2009 at 7:21 PM
Edited May 14, 2009 at 7:44 PM

Yes, I should play with this API explorer.

It makes sense that the API would only download public photos from non-authenticated users -- that is quite simple.  However, Flickr has this requirement (http://www.flickr.com/services/api/tos/):

"[I]f a user marks a photo as 'private' after using your service, your application must reflect those changes as soon as reasonably possible. If your application has any cached copies of photos that have become 'private,' you must remove as soon as reasonably possible."

So, how to comply...  If I can at least get a list of all a user's photos, including private ones (but not able to actually download the private photos), and get at their IsPrivate properties, I can easily determine that a photo is private and remove it if that file has already been stored on my hard drive.  If I can't get a list that contains private photos, I must maintain my own list of what I have ever downloaded from the user, and delete those things that have disappeared from either being made private or deleted entirely from the user's account (in the latter case, am I to assume that a photo was deleted because the user wants to hide it from the world, or just decided to clean out their account and they don't care if it's still out there?  Flickr only refers to a "user marks a photo as 'private'", which does not necessarily include photo deletion.).  In fact, unless I store the PhotoID in the filename of the downloaded photo, I would still have to maintain a list of everything downloaded because the photo titles/description/etc. are not always unique.  If Flickr never returns private photos for unauthenticated users, I really cannot comply to the letter of Flickr's stated requirements.

Actually, you only stated that the photosets getphotos doesn't return public info -- is that true when getting all photos from a user, or from a group pool?  The Flickr API seems to arbitrarily fill properties differently depending on how I am obtaining photo information.  However, this seems to follow, considering Flickr has put time and effort into special API calls for... three pandas...(!?)

As for authentication, my initial assumption is that it has to be for the user whose photos I am trying to access, and not just any Flickr user, such as myself.  However, the API doc for flickr.people.getPublicPhotos states:

safe_search (Optional)

Safe search setting:
  • 1 for safe.
  • 2 for moderate.
  • 3 for restricted.
(Please note: Un-authed calls can only see Safe content.)

It doesn't make sense that photos marked as restricted, let alone moderate, can only be viewed or downloaded by their own user.  In effect, it is the same as marking a photo as private -- why, then, have a more complex way of doing the same thing?  This implies that any user's authentication will do for viewing moderate and restricted photos, and maybe my assumption above is incorrect.

Coordinator
May 15, 2009 at 10:19 AM

When you authenticate a call you are using the user associated with that call to make the search, just as if they had done the search on the Flickr web site while logged in. When you do not use an authentication token it is like you make a search on Flickr while not logged in.

Completely private photos can only be seen by the user whose photos they are, hence you must be logged in as that user. 'Restricted' photos are not the same thing, and are just photos that have been flagged as unsafe (e.g. porn) so people who are logged in cannot see them, but anyone who is logged in can choose to see them if they want.

As for your original problem - I would recommend storing the photos with a filename that matches their photo id - that is the easiest way to store both the photo and its id. Then you can simply delete photos not returned in subsequent calls.You can filter the photosets call to only show public photos, or indeed if you are not authenticating the call then you will by default only see public photos anyway.

If however you do use authentication, then the user is effectively giving you permission to use their private photos, so does it matter if you store them or not?

Sam

May 16, 2009 at 4:53 PM
Edited May 17, 2009 at 7:08 AM

Thanks!

Needing to be authenticated with just my own Flickr account to access another Flickr account's photos is very different than needing to be authenticated with that account owner, and the Flickr API documentation does not appear to make this distinction.

A related question: I just noticed (http://www.flickr.com/groups/api/discuss/169135/page2/) mention of a "Candownload" property in the Flickr API.  What is this?  It is not in the Flickr.NET documentation.

Also mentioned is a Flickr "guest pass".  I'm not sure exactly what it is or if it would be useful to me, but I assume that it is a Flickr feature not yet in their API, and not yet in Flickr.NET.

Coordinator
May 18, 2009 at 12:37 PM

The can_download attribute is returned by flickr.photos.getInfo. It is not documented in the API, but shows up if you do an example request using the API Explorer. As such I wasn't really aware it was there and hence hadn't added it to the Flickr.Net code. I will do this soon.

Guest Passes are URLs you can send to people to provide them with access to private photos or sets. You can view how many times the pass has been used and revoce access to them as well. The person using the guess pass does not even have to be logged in to Flickr. However there is no access to guest passes via the Flickr API.

May 18, 2009 at 8:24 PM

Interesting.  I wonder what logic is behind can_download.  I'm still not sure if Flickr officially allows me to download All Rights Reserved photos or not; their legalese is not very useful.  Maybe can_download is  a "one stop shopping" way to determine if Flickr wants me to download something or not.

And as to Flickr's requirement for me to delete photos that have since been marked private by the user, because they don't tell me what has become private or deleted, they obviously don't really care themselves about this requirement, and I'm just going to ignore that whole thing, and I suggest everyone else does as well.