starred/bambuddy-maziggy-1
1
0
Fork 0
mirror of https://github.com/maziggy/bambuddy.git synced 2026-05-09 08:25:54 +02:00
Code Issues 44 Projects Packages Wiki Activity

[GH-ISSUE #547] [Bug]: Settings menu visible to unauthorized users, triggering errors on access attempt #356

New issue
Closed
opened 2026-05-07 00:09:08 +02:00 by BreizhHardware · 5 comments
BreizhHardware commented 2026-05-07 00:09:08 +02:00
Owner
Copy link

Originally created by @aneopsy on GitHub (Feb 28, 2026).
Original GitHub issue: https://github.com/maziggy/bambuddy/issues/547

Originally assigned to: @maziggy on GitHub.

Bug Description

When a user has Operators & Viewers roles (but not Admin), the System button remains visible in the menu. Clicking it navigates to the settings page, which triggers an internal error along with a permission error in the web console/request, then redirects the user to the home page (printers).

Expected Behavior

  1. The System button should be hidden from the menu for users who lack permission to access the settings page.
  2. If a user without permission navigates directly to the settings URL, the system should either redirect them cleanly or display an appropriate "Unauthorized" message, without triggering any internal errors.

Steps to Reproduce

  1. Login no admin user
  2. Click settings in the main menu

Printer Model

X1 Carbon

Bambuddy Version

Printer Firmware Version

Installation Method

Manual (git clone)

Operating System

Linux (Ubuntu/Debian)

Relevant Logs / Support Package

-

Screenshots

Additional Context

Checklist

  • I have searched existing issues to ensure this bug hasn't already been reported
  • I am using the latest version of Bambuddy
  • My printer is set to LAN Only mode
  • My printer has Developer Mode enabled
Originally created by @aneopsy on GitHub (Feb 28, 2026). Original GitHub issue: https://github.com/maziggy/bambuddy/issues/547 Originally assigned to: @maziggy on GitHub. ### Bug Description When a user has Operators & Viewers roles (but not Admin), the System button remains visible in the menu. Clicking it navigates to the settings page, which triggers an internal error along with a permission error in the web console/request, then redirects the user to the home page (printers). ### Expected Behavior 1. The System button should be hidden from the menu for users who lack permission to access the settings page. 2. If a user without permission navigates directly to the settings URL, the system should either redirect them cleanly or display an appropriate "Unauthorized" message, without triggering any internal errors. ### Steps to Reproduce 1) Login no admin user 2) Click settings in the main menu ### Printer Model X1 Carbon ### Bambuddy Version - ### Printer Firmware Version - ### Installation Method Manual (git clone) ### Operating System Linux (Ubuntu/Debian) ### Relevant Logs / Support Package ```shell - ``` ### Screenshots - ### Additional Context - ### Checklist - [x] I have searched existing issues to ensure this bug hasn't already been reported - [x] I am using the latest version of Bambuddy - [x] My printer is set to LAN Only mode - [x] My printer has Developer Mode enabled
BreizhHardware 2026-05-07 00:09:08 +02:00
  • closed this issue
  • added the
    bug
         label
BreizhHardware commented 2026-05-07 00:09:09 +02:00
Author
Owner
Copy link

@maziggy commented on GitHub (Feb 28, 2026):

Cannot reproduce the error.

Image Image
<!-- gh-comment-id:3976739531 --> @maziggy commented on GitHub (Feb 28, 2026): Cannot reproduce the error. <img width="879" height="71" alt="Image" src="https://github.com/user-attachments/assets/b83a32a5-e512-4093-8ae7-90a40225074f" /> <img width="231" height="605" alt="Image" src="https://github.com/user-attachments/assets/953a9687-4705-4555-bb9b-7d4bc269c729" />
BreizhHardware commented 2026-05-07 00:09:09 +02:00
Author
Owner
Copy link

@aneopsy commented on GitHub (Feb 28, 2026):

Logged to user with only operator and viewer roles:

Image

When clicking on Settings
Image

Image

I cleared local storage, still have this issue

<!-- gh-comment-id:3976879351 --> @aneopsy commented on GitHub (Feb 28, 2026): Logged to user with only operator and viewer roles: <img width="285" height="946" alt="Image" src="https://github.com/user-attachments/assets/f13f0ed4-7fef-4b8b-981e-f5576267e9d7" /> When clicking on Settings <img width="763" height="300" alt="Image" src="https://github.com/user-attachments/assets/9c45133f-8e20-45c9-8ce3-5d0bfb113cc7" /> <img width="535" height="100" alt="Image" src="https://github.com/user-attachments/assets/68f48d47-b15f-4f46-8ba6-a122c8516935" /> I cleared local storage, still have this issue
BreizhHardware commented 2026-05-07 00:09:10 +02:00
Author
Owner
Copy link

@maziggy commented on GitHub (Feb 28, 2026):

I'm on branch 0.2.2b1.

<!-- gh-comment-id:3976891126 --> @maziggy commented on GitHub (Feb 28, 2026): I'm on branch 0.2.2b1.
BreizhHardware commented 2026-05-07 00:09:10 +02:00
Author
Owner
Copy link

@aneopsy commented on GitHub (Feb 28, 2026):

I'm on branch 0.2.2b1.

Same behavior on 0.2.2b1. I pulled from your repo, built the Docker image, and served it on my server.

Image
<!-- gh-comment-id:3976914236 --> @aneopsy commented on GitHub (Feb 28, 2026): > I'm on branch 0.2.2b1. Same behavior on 0.2.2b1. I pulled from your repo, built the Docker image, and served it on my server. <img width="256" height="965" alt="Image" src="https://github.com/user-attachments/assets/0a6b6615-d0b2-44b1-a5b8-0f1b7f909a26" />
BreizhHardware commented 2026-05-07 00:09:10 +02:00
Author
Owner
Copy link

@maziggy commented on GitHub (Feb 28, 2026):

Sorry, cannot reproduce at all.

Cache? Did you force a browser reload?

Any errror messages in logs or browser console?

<!-- gh-comment-id:3977009662 --> @maziggy commented on GitHub (Feb 28, 2026): Sorry, cannot reproduce at all. Cache? Did you force a browser reload? Any errror messages in logs or browser console?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
github-repo-stats
bug-report-assets
dev
0.2.4b3
0.2.4b2
0.2.4b1
pr/1114
0.2.3.2
0.2.3.1
0.2.3
0.2.3b3
0.2.3b2
0.2.3b1
0.2.2.2
0.2.2.1
0.2.2b3
0.2.2
0.2.2b2
0.2.2b1
0.2.1.1
0.2.1
0.2.1b3
0.2.1b2
0.2.1b
0.2.0
0.2.0b
0.1.5-2-ctrl
v0.2.4b4-daily.20260508
v0.2.4b2
v0.2.4b3
v0.2.4b1
v0.2.3.2
v0.2.3.1
v0.2.3
v0.2.3b3
v0.2.3b2
v0.2.3b1-daily.20260407
v0.2.3b1
v0.2.2.2
v0.2.2.1
v0.2.3b1-daily.20260318
v0.2.3b1-daily.20260317
v0.2.3b1-daily.20260316
v0.2.2
v0.2.2b4-daily.20260314
v0.2.2b4-daily.20260313
v0.2.2b3-daily.20260312
v0.2.2b3-1
v0.2.2b2
v0.2.2-b2
v0.2.2b3
v0.2.2-b1
v0.2.2b1
v0.2.1.1
v0.2.1
v0.2.1b3
v0.2.1b2
v0.2.1b
v0.2.0
v0.1.9
v0.1.8.1
v0.1.8
v0.1.7
v0.1.6.2
v0.1.6.1
v0.1.6-hotfix
v0.1.6
v0.1.6b11
v0.1.6b10
v0.1.6b9
v0.1.6b8
v0.1.6b7
v0.1.6b6
v0.1.6b5
v0.1.6b4
v0.1.6b3
v0.1.6b2
v0.1.6b
v0.1.5-final
v0.1.5b7
v0.1.5b6
v0.1.5b5
v0.1.5b4
v0.1.5b3
v0.1.5b2
v0.1.5b
v0.1.4
v0.1.3
v0.1.2-bugfix
v0.1.2-final
v0.1.2
0.1.1
Labels
Clear labels   
A1

   
automated

   
automated

   
bug

   
bug

   
Closed due to inactivity

   
contrib

   
dependencies

   
dependencies

   
duplicate

   
enhancement

   
feedback

   
hold

   
invalid

   
Notes

   
P1S

   
pull-request
Mirrored from GitHub Pull Request

  
security

   
ThumbsUp

   
user-report

   
wontfix
No labels
A1
automated
automated
bug
bug
Closed due to inactivity
contrib
dependencies
dependencies
duplicate
enhancement
feedback
hold
invalid
Notes
P1S
pull-request
security
ThumbsUp
user-report
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/bambuddy-maziggy-1#356
No description provided.