LycheeOrg / Lychee

A great looking and easy-to-use photo-management-system you can run on your server, to manage and share photos.
https://lycheeorg.github.io/
MIT License

Unable to access shared album #2164

Closed pichouk closed 7 months ago

pichouk commented 7 months ago

Detailed description of the problem

On 5.0.2, a new user cannot access an album even when full sharing is enabled. I have an HTTP 403 error.

Steps to reproduce the issue

  1. On Lychee, using an admin user, create a new test user (with upload and self-management enabled)
  2. Using the same (admin) user, create a test album
  3. On the sharing configuration of this new album, add the test user with all permissions
  4. Connect as the test user and open the album. Should receive an HTTP 403

(Sorry, screenshots are in French) Screenshots: Users; New album sharing config; Trying to open the album from test user

Output of the diagnostics

Diagnostics
-----------
Warning: /var/www/html/Lychee/public/uploads/ is owned by group lychee, but should be owned by one out of root
Warning: /var/www/html/Lychee/public/uploads/import is owned by group lychee, but should be owned by one out of root
Warning: /var/www/html/Lychee/public/uploads/small is owned by group lychee, but should be owned by one out of root
Warning: /var/www/html/Lychee/public/uploads/small/4d is owned by group lychee, but should be owned by one out of root
Warning: /var/www/html/Lychee/public/uploads/small/4d/c1 is owned by group lychee, but should be owned by one out of root
Warning: 8205 more directories with wrong owner
Warning: Dropbox import not working. dropbox_key is empty.
Warning: You may experience problems when uploading a photo of large size. Take a look in the FAQ for details.
Warning: You may experience problems when uploading a photo of large size. Take a look in the FAQ for details.
Info: Latest version of PHP is 8.3
Warning: git (software) is not available.

System Information
------------------
Lychee Version (git):                    ?? (33354a2) -- Could not compare.
DB Version:                              5.0.2

composer install:                        --no-dev
APP_ENV:                                 production
APP_DEBUG:                               false
APP_URL:                                 set

System:                                  Linux
PHP Version:                             8.2.7
PHP User agent:                          Lychee/4 (https://lycheeorg.github.io/)
Timezone:                                Europe/Paris
Max uploaded file size:                  2M
Max post size:                           8M
Livewire chunk size:                     0.00 B
Max execution time:                      0
PostgreSQL Version:                      PostgreSQL 14.10 on x86_64-pc-linux-musl, compiled by gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014, 64-bit

exec() Available:                        yes
Imagick Available:                       1
Imagick Enabled:                         1
Imagick Version:                         1691
GD Version:                              2.3.3
Number of foreign key:                   11 found.

Config Information
------------------
version:                                 050002
check_for_updates:                       0
sorting_photos_col:                      taken_at
sorting_photos_order:                    ASC
sorting_albums_col:                      max_taken_at
sorting_albums_order:                    ASC
imagick:                                 1
skip_duplicates:                         0
small_max_width:                         0
small_max_height:                        360
medium_max_width:                        1920
medium_max_height:                       1080
lang:                                    fr
image_overlay_type:                      desc
default_license:                         none
compression_quality:                     90
grants_full_photo_access:                1
delete_imported:                         0
mod_frame_enabled:                       1
mod_frame_refresh:                       30
thumb_2x:                                1
small_2x:                                1
medium_2x:                               1
landing_page_enable:                     0
site_owner:                              John Smith
landing_title:                           John Smith
landing_subtitle:                        Cats, Dogs & Humans Photography
sm_facebook_url:                         https://www.facebook.com/JohnSmith
sm_flickr_url:                           https://www.flickr.com/JohnSmith
sm_twitter_url:                          https://www.twitter.com/JohnSmith
sm_instagram_url:                        https://instagram.com/JohnSmith
sm_youtube_url:                          https://www.youtube.com/JohnSmith
landing_background:                      dist/cat.webp
site_title:                              Lychee
footer_show_copyright:                   1
site_copyright_begin:                    2019
site_copyright_end:                      2019
footer_additional_text:                  
footer_show_social_media:                0
search_public:                           0
SL_enable:                               0
SL_for_admin:                            0
recent_age:                              1
grants_download:                         0
photos_wraparound:                       1
map_display:                             1
zip64:                                   1
map_display_public:                      1
map_provider:                            OpenStreetMap.fr
force_32bit_ids:                         0
map_include_subalbums:                   1
update_check_every_days:                 3
has_exiftool:                            1
share_button_visible:                    0
import_via_symlink:                      0
has_ffmpeg:                              1
location_decoding:                       1
location_decoding_timeout:               30
location_show:                           1
location_show_public:                    0
rss_enable:                              0
rss_recent_days:                         7
rss_max_items:                           100
prefer_available_xmp_metadata:           0
editor_enabled:                          1
lossless_optimization:                   0
swipe_tolerance_x:                       150
swipe_tolerance_y:                       250
local_takestamp_video_formats:           .avi|.mov
log_max_num_line:                        1000
unlock_password_photos_with_url_param:   0
nsfw_visible:                            1
nsfw_blur:                               0
nsfw_warning:                            0
nsfw_warning_admin:                      0
nsfw_banner_override:                    
map_display_direction:                   1
album_subtitle_type:                     oldstyle
upload_processing_limit:                 4
new_photos_notification:                 0
legacy_id_redirection:                   1
zip_deflate_level:                       6
SA_enabled:                              1
default_album_protection:                1
allow_username_change:                   1
album_decoration:                        layers
album_decoration_orientation:            row
auto_fix_orientation:                    1
use_job_queues:                          0
random_album_id:                         starred
use_last_modified_date_when_no_exif_date: 0
ffmpeg_path:                             /usr/bin/ffmpeg
ffprobe_path:                            /usr/bin/ffprobe
layout:                                  justified
date_format_photo_thumb:                 M j, Y, g:i:s A e
date_format_photo_overlay:               M j, Y, g:i:s A e
date_format_sidebar_uploaded:            M j, Y, g:i:s A e
date_format_sidebar_taken_at:            M j, Y, g:i:s A e
date_format_hero_min_max:                F Y
date_format_hero_created_at:             M j, Y, g:i:s A T
date_format_album_thumb:                 M Y
upload_chunk_size:                       0
nsfw_banner_blur_backdrop:               0
search_pagination_limit:                 1000
search_minimum_length_required:          4
photo_layout_justified_row_height:       320
photo_layout_masonry_column_width:       300
photo_layout_grid_column_width:          250
photo_layout_square_column_width:        200
photo_layout_gap:                        12
display_thumb_album_overlay:             always
display_thumb_photo_overlay:             hover

Browser and system

Using Firefox 114.0. Lychee deployed in Docker on a Debian 12.4 server

persimmonsoft commented 7 months ago

I have the same problem. I am accessing mine via Cloudflare Tunnels, if that is helpful

ildyria commented 7 months ago

nah, that is clearly a problem within Lychee. I haven't had time to investigate as I was working intensely on https://github.com/LycheeOrg/Lychee/pull/2150

ildyria commented 7 months ago

Interesting, when everything is checked then the action is forbidden.

pichouk commented 7 months ago

Thanks for the fix, @ildyria, but also thank you for all your time and work on this project. We're never grateful enough to people maintaining FOSS software :smiley: Thank you very much!