Anonymous can see my whole library, (no details and downloads) this is a serious issue.

[teflontoni]

Something is broken with the last commit(s?). All of sudden downloading with the tolino isn't working anymore, 2 days before I could download books.

return self.view_functionsrule.endpoint File "/opt/weblibrary/cps/web.py", line 1320, in show_book title=entries.title, books_shelfs=book_in_shelfs, have_read=have_read) File "/opt/weblibrary/cps/web.py", line 613, in render_title_template return render_template(instance=config.config_calibre_web_title, *args, **kwargs) File "/opt/weblibrary/vendor/flask/templating.py", line 134, in render_template context, ctx.app) File "/opt/weblibrary/vendor/flask/templating.py", line 116, in _render rv = template.render(context) File "/opt/weblibrary/vendor/jinja2/environment.py", line 1008, in render return self.environment.handle_exception(exc_info, True) File "/opt/weblibrary/vendor/jinja2/environment.py", line 780, in handle_exception reraise(exc_type, exc_value, tb) File "/opt/weblibrary/cps/templates/detail.html", line 1, in top-level template code {% extends is_xhr|yesno("fragment.html", "layout.html") %} File "/opt/weblibrary/cps/templates/layout.html", line 165, in top-level template code {% block body %}{% endblock %} File "/opt/weblibrary/cps/templates/detail.html", line 184, in block "body" {% if g.user.shelf.all() or g.public_shelfes %} File "/opt/weblibrary/vendor/jinja2/environment.py", line 430, in getattr return getattr(obj, attribute) UndefinedError: 'werkzeug.local.LocalProxy object' has no attribute 'shelf' ERROR:tornado.access:500 GET //book/111 (127.0.0.1) 44.41ms

to my layman's eyes there is a slash too many in the GET, but I might be wrong. Any hint what I could do about this?

EDIT: OK, it's more serious than this. If I am NOT logged in I see my whole library, althoug I forbid anonymous browsing. Thankfully that's why the download fails. Nontheless this is a HUGE issue...

[teflontoni]

Ok, I am not the first to see this, sorry