search

immich-app / immich

High performance self-hosted photo and video management solution.
https://immich.app
GNU Affero General Public License v3.0
52.66k stars 2.79k forks source link

feat(server): Add publicUsers toggle for user search #14330

Open samholton opened 1 day ago

samholton commented 1 day ago

By default, when a user adds an immich user to a shared library, the user-selection-modal shows a list of all users (email and name) on the server. This can be problematic on a more public server used by multiple groups that you don't want to leak names and emails. The long term fix is the proper groups/organizations structure.

This is a short term fix that adds a publicUsers server setting. By default, this will be true to maintain existing functionality. But if this setting is disabled, regular users will not see any users in the user-selection-modal. Admin users will still see all of the users and be able to add users to shared albums.

New Setting image

What non-admin users will see on user-selection-modal

image

github-actions[bot] commented 1 day ago

📖 Documentation deployed to pr-14330.preview.immich.app

alextran1502 commented 1 day ago

Can you help test if the mobile app will need to patch this property in mobile\lib\utils\openapi_patching.dart by using the current release version of the app and login to the server in this PR?

samholton commented 1 day ago

Can you help test if the mobile app will need to patch this property in mobile\lib\utils\openapi_patching.dart by using the current release version of the app and login to the server in this PR?

Sure. Is there a preview sever for this? I haven't done anything with mobile before. Or just use the Android app to login to my local server and test?

samholton commented 1 day ago

I was able to login to my local server on an old Android device but seeing some issues. Going to test a bit more to see if its my device or this change

samholton commented 1 day ago

I am able to reproduce the issue on a second Android device. When the publicUsers is set to false and I create a new album, the add users to album displays no users to add (as expected). However, after the initial view of the album, it seems the app thinks I am no longer the owner. The add users, share, etc. options no longer show - just leave album.

Even if I set publicUsers back to true and close the app and clear the cache, it still doesn't see me as the owner. Clearing all app data and logging back into the app resolves the issue (with publicUsers set to true)

With publicUsers set to true, I can close the app and go back to the shared album and add users.

Maybe I should return a list of just the current user rather than []? https://github.com/immich-app/immich/blob/adcb3893fdd81ade5639ccf1a64cf8ba13118725/server/src/services/user.service.ts#L25

samholton commented 1 day ago

Maybe I should return a list of just the current user rather than []?

https://github.com/immich-app/immich/blob/adcb3893fdd81ade5639ccf1a64cf8ba13118725/server/src/services/user.service.ts#L25

This does seem to resolve the issue

let users: UserEntity[] = [auth.user];
samholton commented 5 hours ago

Can you help test if the mobile app will need to patch this property in mobile\lib\utils\openapi_patching.dart by using the current release version of the app and login to the server in this PR?

@alextran1502 does not appear to need any patching. I was able to use the current mobile app with the new setting both enabled and disabled. I did need to return a list with the current user rather than empty list (PR updated)