REST API Returns Information for an Unauthorized Library

[Kuan-Lun]

Steps to reproduce

1. Currently, there is a library A (library_id = aaa).
2. Create an account test@example.com.
3. Using Edit restrictions, deselect All Libraries, and only select Library A.
4. Create another library, Library B (library_id = bbb).
5. Use the Python package requests to execute the command: requests.get("[komga-url]/api/v1/series?library_id=bbb", auth=HTTPBasicAuth("test@example.com", "password")).json(). The response is {'content': [{'id': 'xxx', 'libraryId': 'aaa', 'name'... (I think it just returns the information from the first library.)

Expected behavior

The response should be a null dict or raise an error.

Actual behavior

See step 5. This is an error, as the information accessed pertains to Library A instead of Library B.

Logs

No response

Komga version

v1.10.4-master

Operating system

Linux

Installation method

Docker

Other details

I suspect that this issue and #1470 are caused by the same underlying logic problem in the code, but I am not sure, so I have opened another issue to address it separately.

Acknowledgements

• [X] I have searched the existing issues (open AND closed) and this is a new ticket, NOT a duplicate or related to another open issue.
• [X] I have written a short but informative title.
• [X] I have checked the FAQ.
• [X] I have updated the app to the latest version.
• [X] I will fill out all of the requested information in this form.

[github-actions[bot]]

🎉 This issue has been resolved in 1.11.0 (Release Notes)