Deathsquirrel 745 Posted September 21, 2015 Posted September 21, 2015 Is it possible to restrict users from editing collections? I've just logged in as a user with no rights to do ANYTHING but read the list of media on the server. Every checkbox on the Profile tab is unselected except the two under Advanced Controls. That user can't play media or access the metadata manager but they can create collections, delete collections, and add items to collections. They can't remove items from collections as that requires the metadata manager.
Deathsquirrel 745 Posted September 22, 2015 Author Posted September 22, 2015 Bumping this once to make sure it's seen. Users that have all rights restricted definitely should not be adding or deleting collections. 2
micnda 2 Posted November 1, 2015 Posted November 1, 2015 Agreed. I'm seeing the same. Also if you try deleting a collection does it appear as though the server crashes?
Luke 42080 Posted November 1, 2015 Posted November 1, 2015 Agreed. I'm seeing the same. Also if you try deleting a collection does it appear as though the server crashes? Tested, no problem found. Please see http://emby.media/community/index.php?/topic/739-how-to-report-a-problem/ to provide more info. Thanks.
Deathsquirrel 745 Posted November 1, 2015 Author Posted November 1, 2015 I'm not getting a crash on deletion but in Version 3.0.5781.0 my kids account with no admin rights can still add, delete, and modify collections.
micnda 2 Posted November 1, 2015 Posted November 1, 2015 Yes I'm on the same version and get the same results. Crash might be to harsh of a word. The web interface takes about 30 sec to 1 minute to recover after deleting and another 30 sec to rebuild the pictures for movies display. Maybe my PC is too slow...
ab123ga 15 Posted November 2, 2015 Posted November 2, 2015 I created a user /w minimal rights as noted and was able to edit collections as well. It also let me delete collections.
cubatilles 3 Posted December 1, 2020 Posted December 1, 2020 Hi, Is this issue still present? It's like 5 years since it was opened. I've just noted today my emby users can edit, create and delete collections. I though it was a misconfig on my end, but searching on the forums I've found this issue from 2015... Has this issue really been unresolved all this time or am I missing something? And if this is really the case, is there any workaround? I've found various problems with emby in the past (I'm just using it since some months ago) and until now I've decided to live with it, but this issue would be a stopper for me. I would really want to avoid having to migrate again to another software (jellyfin?) after all the work I've put on my Emby server. So any help on this would be appreciated.. Is there anyway to avoid any user from altering collections? Any attention from the devs will be appreciated. Sincerely,
Spaceboy 2573 Posted December 1, 2020 Posted December 1, 2020 this issue is still present but i doubt jellyfin will have fixed it either. the only way to stop it is the threat of violence against your users 1
pwhodges 2012 Posted December 1, 2020 Posted December 1, 2020 Are collection details stored in files in a way that could be locked by making them read-only via the OS? Paul
Carlo 4561 Posted December 3, 2020 Posted December 3, 2020 While waiting for this to get fixed I would recommend backing up the folders holding playlists and collections from time to time. You can always easily put them back this way if a user goes wild.
Spaceboy 2573 Posted December 3, 2020 Posted December 3, 2020 i mean, you say waiting for it to be fixed.... its been 5 years. i think we can conclude that this is something that luke just does not care about
rbjtech 5284 Posted December 3, 2020 Posted December 3, 2020 The core issue I think is the fact the collection is simply an XML file .. it is not stored in the database .. that doesn't detract from the fact that the user should not get the option to remove/edit (ie rw) the XML file. You could simply make the XML file Read Only at the os level, but then it blocks Admins from editing it as well .. I'm not sure tbh why emby is still using XML for collections especially as there is a collection field in the db that could be used instead .. 1
Carlo 4561 Posted December 3, 2020 Posted December 3, 2020 Spaceboy, Not for me to say but I was just giving a piece of advise that can be used now. rbjtech, I agree. Both collections and playlists would become much cleaner if handled via database.
cubatilles 3 Posted December 3, 2020 Posted December 3, 2020 Well, I was not trying to complain here, but as @Spaceboysaid, given the time this was reported, and given it should be easily fixed, if thas not been until now, it's probably not gonna be fixed on a medium period of time, if ever. By now I'll begin to try jellyfin on a test environment (I don't remember why I left Plex on the first place but it was also because of some similar lack of basic feature) and probably leave Emby eventually when I feel the jellyfin is a safe step-up. Unfortunately there doesn't seem to be any other serious alternatives, afaik. I want to thank all the community support here, specially @pwhodgeswho kindly gave me a hand on all posts I opened. Sincerely,
Carlo 4561 Posted December 3, 2020 Posted December 3, 2020 I do believe this is planned. @Luke can you confirm/deny if playlist/collection admin management is planned in the near future to stop unauthorized users from editing them?
Luke 42080 Posted December 26, 2020 Posted December 26, 2020 This will be resolved in Emby Server 4.6. Thanks.
Embyfied 3 Posted December 29, 2020 Posted December 29, 2020 If collections and playlists get moved to "user/media" controlled areas from "Emby/data"; then the wait will be worth the result. Thank you.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now