Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read-Only mode allows multiple changes to occur that should be restricted #3262

Closed
DieselTech opened this issue Oct 8, 2024 · 1 comment · Fixed by #3453
Closed

Read-Only mode allows multiple changes to occur that should be restricted #3262

DieselTech opened this issue Oct 8, 2024 · 1 comment · Fixed by #3453
Labels
accepted A feature request that is accepted

Comments

@DieselTech
Copy link
Collaborator

DieselTech commented Oct 8, 2024
edited
Loading

What happened?

When a user is set to Read-Only mode they are still able to make a lot of changes that should be restricted:

  • Adding and deleting reading lists
  • Can download and apply themes
  • Add and remove devices
  • Change locale language
  • Can add external sources that point to other websites outside of kavita

Trying to set a different email does log the user out, but it doesn't change the email address directly. Ideally it should error 400 like all the other attempts to change the user profile.

What did you expect?

To be proper read-only and unable to add or delete things.

Kavita Version Number - If you don not see your version number listed, please update Kavita and see if your issue still persists.

0.8.3 - Stable

What operating system is Kavita being hosted from?

None

If the issue is being seen on Desktop, what OS are you running where you see the issue?

None

If the issue is being seen in the UI, what browsers are you seeing the problem on?

No response

If the issue is being seen on Mobile, what OS are you running where you see the issue?

None

If the issue is being seen on the Mobile UI, what browsers are you seeing the problem on?

No response

Relevant log output

No response

Additional Notes

No response
@DieselTech DieselTech added the needs-triage Needs to be triaged by a developer and assigned a release label Oct 8, 2024
@DieselTech DieselTech changed the title Read-Only mode allows deleting of reading lists Read-Only mode allows multiple changes to occur that should be restricted Oct 8, 2024
@Kareadita Kareadita deleted a comment Oct 24, 2024
@majora2007
Copy link
Member

This is a note for myself that I will go forward with these restrictions.

Originally I had wanted the readonly account to have some customization, but after using our demo site many times, I should restrict this up to be what the name implies.

@majora2007 majora2007 added accepted A feature request that is accepted and removed needs-triage Needs to be triaged by a developer and assigned a release labels Nov 22, 2024
@majora2007 majora2007 moved this from To Do to Done, Not Pushed in v0.8.5 - Kavita+ UX Overhaul Dec 10, 2024
@majora2007 majora2007 moved this from Done, Not Pushed to In Progress in v0.8.5 - Kavita+ UX Overhaul Dec 10, 2024
@majora2007 majora2007 moved this from In Progress to Done, Not Pushed in v0.8.5 - Kavita+ UX Overhaul Dec 11, 2024
@majora2007 majora2007 mentioned this issue Dec 11, 2024
Merged
@github-project-automation github-project-automation bot moved this from Done, Not Pushed to Done in v0.8.5 - Kavita+ UX Overhaul Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted A feature request that is accepted
Projects
v0.8.5 - Kavita+ UX Overhaul
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Read Only Account Changes + Fixes from last PR Kareadita/Kavita
2 participants
@majora2007 @DieselTech