Admin API key cannot delete assets owned by other users #6804
-
The bugHello, I am trying to delete some orphaned assets (due to docker volume weirdness, not because of an Immich bug) using the deleteAssets api. When I send the request:
I recieve:
If I use the asset owner's API key then it works and deletes the asset successfully. The OS that Immich Server is running onFedora Linux 37 (Server Edition) x86_64, Docker version 24.0.7 Version of Immich Serverv1.93.3 Version of Immich Mobile AppN/A Platform with the issue
Your docker-compose.yml contentN/A Your .env contentN/A Reproduction stepsSend a DELETE request to https://[immich]/api/asset
Use an admin api key
Include an asset UUID owned by a different user from the admin account
Get a 400 error Additional informationI've tested this in python with the requests library as well as with curl I doubt this is a big issue, but it's still an inconvenience when using a script to delete all the orphaned assets as you need an admin api key to get the list of orphans and then an api key from every user matched to the assets to be deleted... Or you can just try every user api key against every asset but its still a massive pain with multiple users. (Thankfully my IDP has impersonation so I can get the various api keys) |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
This is as intended |
Beta Was this translation helpful? Give feedback.
-
Okay, sorry for the waste of time. I couldn't find anything about it in the docs. |
Beta Was this translation helpful? Give feedback.
-
I'm not sure how to do it from mobile but it might be worth converting it to a conversation (as answered/solved mark) until we add this information to the documentation. |
Beta Was this translation helpful? Give feedback.
This is as intended