Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC: Per 'Library Access' defaults for LDAP filters #95

Open
jketreno opened this issue Nov 4, 2021 · 7 comments
Open

RFC: Per 'Library Access' defaults for LDAP filters #95

jketreno opened this issue Nov 4, 2021 · 7 comments

Comments

@jketreno
Copy link
Contributor

jketreno commented Nov 4, 2021

I started implementing a POC to allow the admin to define default library access permissions grouped by LDAP filters.

Here is an initial screen shot. Before I plum in the backend, I wanted to get comments or feedback on:

  1. Is there interest in this in the upstream project?
  2. Does this UX look like it aligns with how the plugin should present itself?

image

When the user clicks 'Delete' on an item, it would prompt prior to deleting that filter group.

When the user clicks + it would pop up a dialog allowing them to define the filter and select which libraries are available.

When the user clicks 'Edit' it would pup up that same dialog, pre-filled with the current settings.

These settings would only be used during initial Jellyfin user creation.

These options are only available if 'Enable User Creation' is selected.
@crobibero
Copy link
Member

Thanks for opening a RFC! This sounds like something that would be very useful to have. The UI seems easy to follow, so good work on that

@bloomfieldcollege
Copy link

I'd be very interested in learning how to do this.

@twinkybot
Copy link

This would be a very nice feature. I think I remember that I tried to set the default for new users to NO Library. But now I have the issue that my LDAP users are created by other systems and are allowed to access jellyfin too.
The problem is now that as admin I cannot restrict access as they do not show up in jellyfin before the first log in.

@twinkybot twinkybot mentioned this issue Nov 10, 2021
Open
@BDaddyG
Copy link

BDaddyG commented Nov 17, 2021

I'd like to say that I'm also very interested in having a system like this in place. Thanks for working on it!

So I'm clear, this form would be available on each library? Would there be a place for global default library access?

@jketreno
Copy link
Contributor Author

@BDaddyG I hadn't considered mapping each Library to a unique LDAP filter... I had been thinking the reverse; you would add an LDAP filter and then select which Libraries are enabled for users that match that filter. I like your suggestion better -- the admin flow would be to show the list of Libraries, and for each one, let the admin assign an LDAP filter for users that would have access to that Library.

And as you suggest, also have a 'Default' LDAP filter that is used for any Library which does not have an explicit LDAP filter defined.

Hopefully I'll have some time this weekend to put together a different POC UX flow, and if it makes sense, I'll start on the implementation.

@kellcomnet2
Copy link

@jketreno Has this effort been abandoned? I just started down the road of jellyfin ldap auth and was surprised by the lack of features regarding per library permissions. I am happy to test your implementation with either 10.7 or 10.8 and Synology Directory services.

@ritkit
Copy link

ritkit commented Aug 26, 2022

Ya this would be an awesome feature to bring back

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jketreno @kellcomnet2 @ritkit @crobibero @BDaddyG @bloomfieldcollege @twinkybot