Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug Report: Admin User Receives 403 Error When Accessing Library #1470

Closed
5 tasks done
Kuan-Lun opened this issue Apr 12, 2024 · 5 comments
Closed
5 tasks done

Bug Report: Admin User Receives 403 Error When Accessing Library #1470

Kuan-Lun opened this issue Apr 12, 2024 · 5 comments
Labels
bug Something isn't working released

Comments

@Kuan-Lun
Copy link

Steps to reproduce

  1. Utilize two libraries, named A and B.
  2. Create a user account named alice who is not an administrator.
  3. Modify the access restrictions for library A but not for library B.
  4. Append authorization using the URL [komg-url]swagger-ui/index.html.
  5. Change the user role of alice to an administrator.
  6. Attempt to use the REST API to retrieve information from library B.
  7. Observe a 403 Error, indicating forbidden access to library B despite alice now being an administrator. This error is unexpected as admin rights should grant full access.
  8. Change the user role of alice back to a non-administrator.
  9. Modify the access restrictions for both libraries A and B.
  10. Change the user role of alice to an administrator.
  11. Successfully access library B after the access restrictions modification.

Expected behavior

See step 7.

Actual behavior

See step 6.

Logs

No response

Komga version

v1.10.4-master

Operating system

Linux

Installation method

Docker

Other details

No response

Acknowledgements

  • I have searched the existing issues (open AND closed) and this is a new ticket, NOT a duplicate or related to another open issue.
  • I have written a short but informative title.
  • I have checked the FAQ.
  • I have updated the app to the latest version.
  • I will fill out all of the requested information in this form.
@gotson
Copy link
Owner

gotson commented Apr 15, 2024

I don't understand what you are doing tbh

@Kuan-Lun
Copy link
Author

Granting any account administrator permissions should allow the account to access all libraries. However, in practice, the libraries accessible are limited to those set for access before the administrator permissions were granted. I think this might be a bug.

@gotson
Copy link
Owner

gotson commented Apr 15, 2024

can you provide which endpoints you tried that returned that error ?

@Kuan-Lun Kuan-Lun mentioned this issue Apr 15, 2024
Closed
5 tasks
@Kuan-Lun
Copy link
Author

Kuan-Lun commented Apr 15, 2024
edited
Loading 

import requests  # type: ignore
from requests.auth import HTTPBasicAuth  # type: ignore

url = f"[komga-url]/api/v1/books/0FR5EDTZ1XAKA/metadata"
response = requests.patch(
    url, auth=HTTPBasicAuth("[email protected]", "test123"), json={"title": "new title"}
)
response.raise_for_status()

requests.exceptions.HTTPError: 403 Client Error: for url: [komga-url]/api/v1/books/0FR5EDTZ1XAKA/metadata

@gotson gotson added bug Something isn't working and removed triage labels Apr 16, 2024
@gotson gotson closed this as completed in 77bad31 Apr 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

🎉 This issue has been resolved in 1.11.0 (Release Notes)

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working released
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gotson @Kuan-Lun