vrr/navidrome
2
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2026-04-28 03:19:38 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

feat(plugins): allow mounting library directories as read-write (#5122)
Some checks are pending
Pipeline: Test, Lint, Build / Upload Linux PKG (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Get version info (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Lint Go code (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Test Go code (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Test JS code (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Lint i18n files (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Check Docker configuration (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Build (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-1 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-2 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-3 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-4 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-5 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-6 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-7 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-8 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-9 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-10 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Push to GHCR (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Push to Docker Hub (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Cleanup digest artifacts (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build Windows installers (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Package/Release (push) Blocked by required conditions
Details
POEditor export / push-translations (push) Waiting to run
Details

Browse source 
* feat(plugins): mount library directories as read-only by default

Add an AllowWriteAccess boolean to the plugin model, defaulting to
false. When off, library directories are mounted with the extism "ro:"
prefix (read-only). Admins can explicitly grant write access via a new
toggle in the Library Permission card.

* test: add tests to buildAllowedPaths

Signed-off-by: Deluan <deluan@navidrome.org>

* chore: improve allowed paths logging for library access

Signed-off-by: Deluan <deluan@navidrome.org>

---------

Signed-off-by: Deluan <deluan@navidrome.org>
This commit is contained in:
Deluan Quintão 2026-02-28 10:59:13 -05:00 committed by GitHub
parent d134de1061
commit d9a215e1e3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 229 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

22
tests/mock_plugin_manager.go
View file

@ -18,7 +18,7 @@ type MockPluginManager struct {
// UpdatePluginUsersFn is called when UpdatePluginUsers is invoked. If nil, returns UsersError.
UpdatePluginUsersFn func(ctx context.Context, id, usersJSON string, allUsers bool) error
// UpdatePluginLibrariesFn is called when UpdatePluginLibraries is invoked. If nil, returns LibrariesError.
UpdatePluginLibrariesFn func(ctx context.Context, id, librariesJSON string, allLibraries bool) error
UpdatePluginLibrariesFn func(ctx context.Context, id, librariesJSON string, allLibraries, allowWriteAccess bool) error
// RescanPluginsFn is called when RescanPlugins is invoked. If nil, returns RescanError.
RescanPluginsFn func(ctx context.Context) error
@ -48,9 +48,10 @@ type MockPluginManager struct {
AllUsers bool
}
UpdatePluginLibrariesCalls []struct {
ID string
LibrariesJSON string
AllLibraries bool
ID string
LibrariesJSON string
AllLibraries bool
AllowWriteAccess bool
}
RescanPluginsCalls int
}
@ -105,14 +106,15 @@ func (m *MockPluginManager) UpdatePluginUsers(ctx context.Context, id, usersJSON
return m.UsersError
}
func (m *MockPluginManager) UpdatePluginLibraries(ctx context.Context, id, librariesJSON string, allLibraries bool) error {
func (m *MockPluginManager) UpdatePluginLibraries(ctx context.Context, id, librariesJSON string, allLibraries, allowWriteAccess bool) error {
m.UpdatePluginLibrariesCalls = append(m.UpdatePluginLibrariesCalls, struct {
ID string
LibrariesJSON string
AllLibraries bool
}{ID: id, LibrariesJSON: librariesJSON, AllLibraries: allLibraries})
ID string
LibrariesJSON string
AllLibraries bool
AllowWriteAccess bool
}{ID: id, LibrariesJSON: librariesJSON, AllLibraries: allLibraries, AllowWriteAccess: allowWriteAccess})
if m.UpdatePluginLibrariesFn != nil {
return m.UpdatePluginLibrariesFn(ctx, id, librariesJSON, allLibraries)
return m.UpdatePluginLibrariesFn(ctx, id, librariesJSON, allLibraries, allowWriteAccess)
}
return m.LibrariesError
}