Give everyone access to all books, intentionally ignoring Calibre-Web ACL accounts/authorization?

[deldesir]

Question: Does this allow everyone access to all books, regardless whether they have a Calibre-Web account/access/authorization?

(As an intentional or unintentional side effect?)

  - ln -s /library/calibre-web /library/www/html/calibre-web

_Originally posted by @holta in https://github.com/iiab/calibre-web/pull/51#discussion_r1406020549_

[holta]

RECAP towards bringing us back to a truly workable & sane solution — all videos/audio/media/books need to be playable without wastefully polluting server's memory.

Just for the moment, all "books" appear to be forcibly public under URL...

http://box/library/calibre-web/

...which is extremely concerning for 2 reasons:

1) This violates everything about Calibre-Web's username/password security model — and peoples' longstanding expectations :/

2) If the above is really needed in the very short-term during debugging / testing / designing a better solution, FYI this particular choice of URL (URLs containing string "/library/calibre-web/") is very strange — as it very unfortunately (makes it appear) as if the entire IIAB disk (from the root of the filesystem) is being made public :/

(While 2. is admittedly just a cosmetic issue, it's an extremely serious one if it makes everybody distrust the system!!)

[holta]

I'm not sure we have an answer just yet to the larger questions (OOM/RAM/memory risks during playback of large audio/video/book files, ideally while honoring Calibre-Web's web username/password security model) BUT please all see the huge amount of ongoing progress within these 2 PR's in recent days: ✅

• PR #51
• PR #57

Working with/alongside these TDD-oriented[*] IIAB refinements:

• PR iiab/iiab#3676
• PR iiab/iiab#3677
• PR iiab/iiab#3678
• PR iiab/iiab#3680

[*] Test-Driven Development.