[Bug]: Users are able to see items they do not have access to in filter list #3562

Open
nichwall opened this issue Oct 29, 2024 · 0 comments
Labels
bug Something isn't working

What happened?

Users are able to see items in the filter list even if they don't have access to the list, such as "Authors", "Series", "Tag", etc. The function getFilterData creates the filter based on the library without taking user access into account.

I limited this user to only view the "Science Fiction" tag, which for example should not show "Fantasy" or "Brandon Sanderson".

What did you expect to happen?

Filter information by user similar to other parts of the API.

A potential solution is to add a user parameter to filter the data and have user-specific caches for the filter data for each library.

Steps to reproduce the issue

  1. Create a user
  2. Limit user access by tags
  3. Use the "filter" dropdown to see tags they shouldn't be able to see, along with other fields

Audiobookshelf version

v2.16.1

How are you running audiobookshelf?

Built from source

What OS is your Audiobookshelf server hosted from?

Linux

If the issue is being seen in the UI, what browsers are you seeing the problem on?

None

Logs

[2024-10-28 18:40:29.782] DEBUG: Filter data: {
  authors: [
    {
      id: 'b059d5e3-02a6-457e-be40-bb12a908fddd',
      name: 'Brandon Sanderson'
    },
    { id: '60841878-f8c7-4bd1-a69b-b4ad8c596d60', name: 'Comics' },
    {
      id: '4c5deaa4-5a16-46cd-8727-2cca67b9b764',
      name: 'Isaac Asimov'
    },
    {
      id: '87943f2e-dae8-40d3-abcd-540e0516c6f2',
      name: 'Isaac Asimov/Kevin T. Collins'
    },
    {
      id: 'cb568b56-004e-41c0-bd8b-bcaa81620934',
      name: 'Isaac Asimov/Larry McKeever'
    },
    {
      id: 'c08f18b7-5eb2-41af-b09e-89aad87e84e3',
      name: 'Isaac Asimov/Robert Fass'
    },
    {
      id: 'd031f7c3-775b-45da-9d4e-a8387a2deaae',
      name: 'Isaac Asimov/Scott Brick'
    }
  ],
  genres: [ 'Audiobook', 'Fiction', 'Science Fiction' ],
  tags: [ 'Fantasy', 'Science Fiction' ],
  series: [
    {
      id: 'bf580a5a-faf7-4fb8-8d25-5b6257911686',
      name: 'Foundation Universe'
    },
    {
      id: '84ee0215-37dd-40b8-bcf5-e20a8d832e80',
      name: 'Stormlight Archive'
    }
  ],
  narrators: [],
  languages: [ 'English', 'XXX' ],
  publishers: [
    'BBC Audiobooks America',
    'Blackstone Audio, Inc.',
    'Books On Tape',
    'Books on Tape'
  ],
  publishedDecades: [ '2010' ],
  numIssues: 0,
  loadedAt: 1730166029782
}

Additional Notes

The above log is an additional debug printout, Logger.debug('Filter data:', data), added to getFilterData: https://github.com/advplyr/audiobookshelf/blob/50fd659749128a321ecc3284e128d014433145a9/server/utils/queries/libraryFilters.js#L435C1-L548C4

@nichwall nichwall added the bug Something isn't working label Oct 29, 2024
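
A sketch of the approach proposed in the issue, building filter values only from items the user can access and caching them per library and permission set. This is an added example, not audiobookshelf's code. The item shape, the `accessAllTags`/`allowedTags` permission fields and all function names are assumptions made for illustration, and keying the cache on the permission set rather than the user id is a generalization of the "user-specific caches" idea.

```javascript
// Constructed sample library; the item shape is an assumption for this sketch.
const sampleItems = [
  { authors: ['Isaac Asimov'], series: ['Foundation Universe'], tags: ['Science Fiction'] },
  { authors: ['Brandon Sanderson'], series: ['Stormlight Archive'], tags: ['Fantasy'] },
  { authors: ['Comics'], series: [], tags: [] }
]

// Hypothetical permission shape: either full access or an allow-list of tags.
function canAccess(user, item) {
  if (user.accessAllTags) return true
  return item.tags.some((tag) => user.allowedTags.includes(tag))
}

// The key encodes the library and the permission set, so users with different
// access never share an entry and a permission change yields a new key.
function cacheKey(libraryId, user) {
  const scope = user.accessAllTags ? 'all' : [...new Set(user.allowedTags)].sort()
  return JSON.stringify([libraryId, scope])
}

const filterCache = new Map()

// Build filter values only from items that pass the access check, instead of
// from every item in the library.
function getFilterDataForUser(libraryId, libraryItems, user) {
  const key = cacheKey(libraryId, user)
  if (filterCache.has(key)) return filterCache.get(key)
  const visible = libraryItems.filter((item) => canAccess(user, item))
  const unique = (field) => [...new Set(visible.flatMap((item) => item[field]))].sort()
  const data = { authors: unique('authors'), series: unique('series'), tags: unique('tags') }
  filterCache.set(key, data)
  return data
}

const restricted = { accessAllTags: false, allowedTags: ['Science Fiction'] }
const unrestricted = { accessAllTags: true, allowedTags: [] }
console.log(getFilterDataForUser('lib1', sampleItems, restricted))
console.log(getFilterDataForUser('lib1', sampleItems, unrestricted))
```

A cache keyed only by library id, as in the reported behaviour, would hand the first caller's filter data to every later user regardless of their access.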