fix(server): scoped permissions for more endpoints

chore: use context menu for user table (#25428 )
* chore: use context menu for user table * chore: reorder columns --------- Co-authored-by: Jason Rasmussen <jason@rasm.me>
2026-01-22 09:28:56 -08:00 · 2026-01-22 16:38:22 +01:00 · 2026-01-22 07:44:08 -05:00 · 2026-01-22 07:43:29 -05:00 · 2026-01-22 12:55:44 +01:00 · 2026-01-21 21:20:05 -05:00
19 changed files with 114 additions and 51 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -502,12 +502,7 @@ jobs:
      - name: Run e2e tests (web)
        env:
          CI: true
-        run: npx playwright test --project=chromium
-        if: ${{ !cancelled() }}
-      - name: Run ui tests (web)
-        env:
-          CI: true
-        run: npx playwright test --project=ui
+        run: npx playwright test
        if: ${{ !cancelled() }}
      - name: Archive test results
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
--- a/e2e/playwright.config.ts
+++ b/e2e/playwright.config.ts
@@ -39,13 +39,13 @@ const config: PlaywrightTestConfig = {
      testMatch: /.*\.e2e-spec\.ts/,
      workers: 1,
    },
-    {
-      name: 'ui',
-      use: { ...devices['Desktop Chrome'] },
-      testMatch: /.*\.ui-spec\.ts/,
-      fullyParallel: true,
-      workers: process.env.CI ? 3 : Math.max(1, Math.round(cpus().length * 0.75) - 1),
-    },
+    // {
+    //   name: 'parallel tests',
+    //   use: { ...devices['Desktop Chrome'] },
+    //   testMatch: /.*\.parallel-e2e-spec\.ts/,
+    //   fullyParallel: true,
+    //   workers: process.env.CI ? 3 : Math.max(1, Math.round(cpus().length * 0.75) - 1),
+    // },

    // {
    //   name: 'firefox',
--- a/e2e/src/web/specs/asset-viewer/asset-viewer.parallel-e2e-spec.ts
+++ b/e2e/src/web/specs/asset-viewer/asset-viewer.parallel-e2e-spec.ts
--- a/e2e/src/web/specs/timeline/timeline.parallel-e2e-spec.ts
+++ b/e2e/src/web/specs/timeline/timeline.parallel-e2e-spec.ts
--- a/mobile/openapi/lib/model/permission.dart
+++ b/mobile/openapi/lib/model/permission.dart
@@ -82,6 +82,8 @@ class Permission {
  static const timelinePeriodRead = Permission._(r'timeline.read');
  static const timelinePeriodDownload = Permission._(r'timeline.download');
  static const maintenance = Permission._(r'maintenance');
+  static const mapPeriodRead = Permission._(r'map.read');
+  static const mapPeriodSearch = Permission._(r'map.search');
  static const memoryPeriodCreate = Permission._(r'memory.create');
  static const memoryPeriodRead = Permission._(r'memory.read');
  static const memoryPeriodUpdate = Permission._(r'memory.update');
@@ -166,6 +168,7 @@ class Permission {
  static const queueJobPeriodRead = Permission._(r'queueJob.read');
  static const queueJobPeriodUpdate = Permission._(r'queueJob.update');
  static const queueJobPeriodDelete = Permission._(r'queueJob.delete');
+  static const viewPeriodFolder = Permission._(r'view.folder');
  static const workflowPeriodCreate = Permission._(r'workflow.create');
  static const workflowPeriodRead = Permission._(r'workflow.read');
  static const workflowPeriodUpdate = Permission._(r'workflow.update');
@@ -238,6 +241,8 @@ class Permission {
    timelinePeriodRead,
    timelinePeriodDownload,
    maintenance,
+    mapPeriodRead,
+    mapPeriodSearch,
    memoryPeriodCreate,
    memoryPeriodRead,
    memoryPeriodUpdate,
@@ -322,6 +327,7 @@ class Permission {
    queueJobPeriodRead,
    queueJobPeriodUpdate,
    queueJobPeriodDelete,
+    viewPeriodFolder,
    workflowPeriodCreate,
    workflowPeriodRead,
    workflowPeriodUpdate,
@@ -429,6 +435,8 @@ class PermissionTypeTransformer {
        case r'timeline.read': return Permission.timelinePeriodRead;
        case r'timeline.download': return Permission.timelinePeriodDownload;
        case r'maintenance': return Permission.maintenance;
+        case r'map.read': return Permission.mapPeriodRead;
+        case r'map.search': return Permission.mapPeriodSearch;
        case r'memory.create': return Permission.memoryPeriodCreate;
        case r'memory.read': return Permission.memoryPeriodRead;
        case r'memory.update': return Permission.memoryPeriodUpdate;
@@ -513,6 +521,7 @@ class PermissionTypeTransformer {
        case r'queueJob.read': return Permission.queueJobPeriodRead;
        case r'queueJob.update': return Permission.queueJobPeriodUpdate;
        case r'queueJob.delete': return Permission.queueJobPeriodDelete;
+        case r'view.folder': return Permission.viewPeriodFolder;
        case r'workflow.create': return Permission.workflowPeriodCreate;
        case r'workflow.read': return Permission.workflowPeriodRead;
        case r'workflow.update': return Permission.workflowPeriodUpdate;
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -3173,6 +3173,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "asset.upload",
        "x-immich-state": "Stable"
      }
    },
@@ -3225,6 +3226,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "job.create",
        "x-immich-state": "Stable"
      }
    },
@@ -6305,6 +6307,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "map.read",
        "x-immich-state": "Stable"
      }
    },
@@ -6376,6 +6379,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "map.search",
        "x-immich-state": "Stable"
      }
    },
@@ -14616,6 +14620,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "view.folder",
        "x-immich-state": "Stable"
      }
    },
@@ -14668,6 +14673,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "view.folder",
        "x-immich-state": "Stable"
      }
    },
@@ -18966,6 +18972,8 @@
          "timeline.read",
          "timeline.download",
          "maintenance",
+          "map.read",
+          "map.search",
          "memory.create",
          "memory.read",
          "memory.update",
@@ -19050,6 +19058,7 @@
          "queueJob.read",
          "queueJob.update",
          "queueJob.delete",
+          "view.folder",
          "workflow.create",
          "workflow.read",
          "workflow.update",
--- a/open-api/typescript-sdk/src/fetch-client.ts
+++ b/open-api/typescript-sdk/src/fetch-client.ts
@@ -5534,6 +5534,8 @@ export enum Permission {
    TimelineRead = "timeline.read",
    TimelineDownload = "timeline.download",
    Maintenance = "maintenance",
+    MapRead = "map.read",
+    MapSearch = "map.search",
    MemoryCreate = "memory.create",
    MemoryRead = "memory.read",
    MemoryUpdate = "memory.update",
@@ -5618,6 +5620,7 @@ export enum Permission {
    QueueJobRead = "queueJob.read",
    QueueJobUpdate = "queueJob.update",
    QueueJobDelete = "queueJob.delete",
+    ViewFolder = "view.folder",
    WorkflowCreate = "workflow.create",
    WorkflowRead = "workflow.read",
    WorkflowUpdate = "workflow.update",
--- a/readme_i18n/README_de_DE.md
+++ b/readme_i18n/README_de_DE.md
@@ -38,11 +38,6 @@
  <a href="README_th_TH.md">ภาษาไทย</a>
 </p>

-## Warnung
-
- ⚠️ Das Projekt befindet sich in **sehr aktiver** Entwicklung.
- ⚠️ Gehe von möglichen Fehlern und von Änderungen mit Breaking-Changes aus.
- ⚠️ **Nutze die App auf keinen Fall als einziges Speichermedium für deine Fotos und Videos.**
 - ⚠️ Befolge immer die [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) Backup-Regel für deine wertvollen Fotos und Videos!

 > [!NOTE]
@@ -62,7 +57,7 @@

 ## Demo

-Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Handy-App kannst Du `https://demo.immich.app` als `Server Endpoint URL` angeben.
+Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Smartphone-App kannst Du `https://demo.immich.app` als `Server Endpoint URL` angeben.

 ### Login Daten

@@ -93,7 +88,7 @@ Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Handy-App
 | LivePhoto/MotionPhoto Sicherung und Wiedergabe       | Ja     | Ja    |
 | Unterstützung für 360-Grad-Bilder     	             | Nein   | Ja    |
 | Benutzerdefinierte Speicherstruktur                  | Ja     | Ja    |
-| Öffentliches Teilen                                  | Nein   | Ja    |
+| Öffentliches Teilen                                  | Ja     | Ja    |
 | Archiv und Favoriten                                 | Ja     | Ja    |
 | Globale Karte                                        | Ja     | Ja    |
 | Partnerfreigabe (Teilen)                             | Ja     | Ja    |
@@ -103,7 +98,7 @@ Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Handy-App
 | Schreibgeschützte Gallerie                           | Ja     | Ja    |
 | Gestapelte Bilder                                    | Ja     | Ja    |
 | Tags                                                 | Nein   | Ja    |
-| Ordner-Ansicht                                       | Nein   | Ja    |
+| Ordner-Ansicht                                       | Ja     | Ja    |


 ## Übersetzungen
--- a/server/src/controllers/asset-media.controller.ts
+++ b/server/src/controllers/asset-media.controller.ts
@@ -202,7 +202,7 @@ export class AssetMediaController {
  }

  @Post('exist')
-  @Authenticated()
+  @Authenticated({ permission: Permission.AssetUpload })
  @Endpoint({
    summary: 'Check existing assets',
    description: 'Checks if multiple assets exist on the server and returns all existing - used by background backup',
--- a/server/src/controllers/asset.controller.ts
+++ b/server/src/controllers/asset.controller.ts
@@ -66,7 +66,7 @@ export class AssetController {
  }

  @Post('jobs')
-  @Authenticated()
+  @Authenticated({ permission: Permission.JobCreate })
  @HttpCode(HttpStatus.NO_CONTENT)
  @Endpoint({
    summary: 'Run an asset job',
--- a/server/src/controllers/map.controller.ts
+++ b/server/src/controllers/map.controller.ts
@@ -8,7 +8,7 @@ import {
  MapReverseGeocodeDto,
  MapReverseGeocodeResponseDto,
 } from 'src/dtos/map.dto';
-import { ApiTag } from 'src/enum';
+import { ApiTag, Permission } from 'src/enum';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { MapService } from 'src/services/map.service';

@@ -18,7 +18,7 @@ export class MapController {
  constructor(private service: MapService) {}

  @Get('markers')
-  @Authenticated()
+  @Authenticated({ permission: Permission.MapRead })
  @Endpoint({
    summary: 'Retrieve map markers',
    description: 'Retrieve a list of latitude and longitude coordinates for every asset with location data.',
@@ -28,8 +28,8 @@ export class MapController {
    return this.service.getMapMarkers(auth, options);
  }

-  @Authenticated()
  @Get('reverse-geocode')
+  @Authenticated({ permission: Permission.MapSearch })
  @HttpCode(HttpStatus.OK)
  @Endpoint({
    summary: 'Reverse geocode coordinates',
--- a/server/src/controllers/view.controller.ts
+++ b/server/src/controllers/view.controller.ts
@@ -3,7 +3,7 @@ import { ApiTags } from '@nestjs/swagger';
 import { Endpoint, HistoryBuilder } from 'src/decorators';
 import { AssetResponseDto } from 'src/dtos/asset-response.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
-import { ApiTag } from 'src/enum';
+import { ApiTag, Permission } from 'src/enum';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { ViewService } from 'src/services/view.service';

@@ -13,7 +13,7 @@ export class ViewController {
  constructor(private service: ViewService) {}

  @Get('folder/unique-paths')
-  @Authenticated()
+  @Authenticated({ permission: Permission.ViewFolder })
  @Endpoint({
    summary: 'Retrieve unique paths',
    description: 'Retrieve a list of unique folder paths from asset original paths.',
@@ -24,7 +24,7 @@ export class ViewController {
  }

  @Get('folder')
-  @Authenticated()
+  @Authenticated({ permission: Permission.ViewFolder })
  @Endpoint({
    summary: 'Retrieve assets by original path',
    description: 'Retrieve assets that are children of a specific folder.',
--- a/server/src/enum.ts
+++ b/server/src/enum.ts
@@ -160,6 +160,9 @@ export enum Permission {

  Maintenance = 'maintenance',

+  MapRead = 'map.read',
+  MapSearch = 'map.search',
+
  MemoryCreate = 'memory.create',
  MemoryRead = 'memory.read',
  MemoryUpdate = 'memory.update',
@@ -267,6 +270,8 @@ export enum Permission {
  QueueJobUpdate = 'queueJob.update',
  QueueJobDelete = 'queueJob.delete',

+  ViewFolder = 'view.folder',
+
  WorkflowCreate = 'workflow.create',
  WorkflowRead = 'workflow.read',
  WorkflowUpdate = 'workflow.update',
--- a/server/src/services/tag.service.spec.ts
+++ b/server/src/services/tag.service.spec.ts
@@ -206,15 +206,15 @@ describe(TagService.name, () => {
        count: 6,
      });
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-1', tags: ['tag-1', 'tag-2'] },
+        { assetId: 'asset-1', lockedProperties: ['tags'], tags: ['tag-1', 'tag-2'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-2', tags: ['tag-1', 'tag-2'] },
+        { assetId: 'asset-2', lockedProperties: ['tags'], tags: ['tag-1', 'tag-2'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-3', tags: ['tag-1', 'tag-2'] },
+        { assetId: 'asset-3', lockedProperties: ['tags'], tags: ['tag-1', 'tag-2'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.tag.upsertAssetIds).toHaveBeenCalledWith([
@@ -255,11 +255,11 @@ describe(TagService.name, () => {
      ]);

      expect(mocks.asset.upsertExif).not.toHaveBeenCalledWith(
-        { assetId: 'asset-1', tags: ['tag-1'] },
+        { assetId: 'asset-1', lockedProperties: ['tags'], tags: ['tag-1'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-2', tags: ['tag-1'] },
+        { assetId: 'asset-2', lockedProperties: ['tags'], tags: ['tag-1'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.tag.getAssetIds).toHaveBeenCalledWith('tag-1', ['asset-1', 'asset-2']);
--- a/server/src/services/tag.service.ts
+++ b/server/src/services/tag.service.ts
@@ -16,6 +16,7 @@ import { JobName, JobStatus, Permission, QueueName } from 'src/enum';
 import { TagAssetTable } from 'src/schema/tables/tag-asset.table';
 import { BaseService } from 'src/services/base.service';
 import { addAssets, removeAssets } from 'src/utils/asset.util';
+import { updateLockedColumns } from 'src/utils/database';
 import { upsertTags } from 'src/utils/tag';

@Injectable()
@@ -152,7 +153,7 @@ export class TagService extends BaseService {
  private async updateTags(assetId: string) {
    const asset = await this.assetRepository.getById(assetId, { tags: true });
    await this.assetRepository.upsertExif(
-      { assetId, tags: asset?.tags?.map(({ value }) => value) ?? [] },
+      updateLockedColumns({ assetId, tags: asset?.tags?.map(({ value }) => value) ?? [] }),
      { lockedPropertiesBehavior: 'append' },
    );
  }
--- a/server/test/medium/specs/services/tag.service.spec.ts
+++ b/server/test/medium/specs/services/tag.service.spec.ts
@@ -1,12 +1,15 @@
 import { Kysely } from 'kysely';
 import { JobStatus } from 'src/enum';
 import { AccessRepository } from 'src/repositories/access.repository';
+import { AssetRepository } from 'src/repositories/asset.repository';
+import { EventRepository } from 'src/repositories/event.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { TagRepository } from 'src/repositories/tag.repository';
 import { DB } from 'src/schema';
 import { TagService } from 'src/services/tag.service';
 import { upsertTags } from 'src/utils/tag';
 import { newMediumService } from 'test/medium.factory';
+import { factory } from 'test/small.factory';
 import { getKyselyDB } from 'test/utils';

 let defaultDatabase: Kysely<DB>;
@@ -14,8 +17,8 @@ let defaultDatabase: Kysely<DB>;
 const setup = (db?: Kysely<DB>) => {
  return newMediumService(TagService, {
    database: db || defaultDatabase,
-    real: [TagRepository, AccessRepository],
-    mock: [LoggingRepository],
+    real: [AssetRepository, TagRepository, AccessRepository],
+    mock: [EventRepository, LoggingRepository],
  });
 };

@@ -24,6 +27,32 @@ beforeAll(async () => {
 });

 describe(TagService.name, () => {
+  describe('addAssets', () => {
+    it('should lock exif column', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(EventRepository).emit.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      const [tag] = await upsertTags(ctx.get(TagRepository), { userId: user.id, tags: ['tag-1'] });
+      const authDto = factory.auth({ user });
+
+      await sut.addAssets(authDto, tag.id, { ids: [asset.id] });
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select(['lockedProperties', 'tags'])
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({
+        lockedProperties: ['tags'],
+        tags: ['tag-1'],
+      });
+      await expect(ctx.get(TagRepository).getByValue(user.id, 'tag-1')).resolves.toEqual(
+        expect.objectContaining({ id: tag.id }),
+      );
+      await expect(ctx.get(TagRepository).getAssetIds(tag.id, [asset.id])).resolves.toContain(asset.id);
+    });
+  });
  describe('deleteEmptyTags', () => {
    it('single tag exists, not connected to any assets, and is deleted', async () => {
      const { sut, ctx } = setup();
--- a/web/src/lib/services/user-admin.service.ts
+++ b/web/src/lib/services/user-admin.service.ts
@@ -23,6 +23,7 @@ import {
 import { modalManager, toastManager, type ActionItem } from '@immich/ui';
 import {
  mdiDeleteRestore,
+  mdiInformationOutline,
  mdiLockReset,
  mdiLockSmart,
  mdiPencilOutline,
@@ -46,6 +47,12 @@ export const getUserAdminsActions = ($t: MessageFormatter) => {
 };

 export const getUserAdminActions = ($t: MessageFormatter, user: UserAdminResponseDto) => {
+  const Detail: ActionItem = {
+    icon: mdiInformationOutline,
+    title: $t('details'),
+    onAction: () => goto(Route.viewUser(user)),
+  };
+
  const Update: ActionItem = {
    icon: mdiPencilOutline,
    title: $t('edit'),
@@ -92,7 +99,7 @@ export const getUserAdminActions = ($t: MessageFormatter, user: UserAdminRespons
    onAction: () => handleResetPinCodeUserAdmin(user),
  };

-  return { Update, Delete, Restore, ResetPassword, ResetPinCode };
+  return { Detail, Update, Delete, Restore, ResetPassword, ResetPinCode };
 };

 export const handleCreateUserAdmin = async (dto: UserAdminCreateDto) => {
--- a/web/src/routes/admin/users/(list)/+layout.svelte
+++ b/web/src/routes/admin/users/(list)/+layout.svelte
@@ -1,15 +1,18 @@
 <script lang="ts">
  import AdminPageLayout from '$lib/components/layouts/AdminPageLayout.svelte';
  import OnEvents from '$lib/components/OnEvents.svelte';
-  import { getUserAdminsActions, handleNavigateUserAdmin } from '$lib/services/user-admin.service';
+  import { Route } from '$lib/route';
+  import { getUserAdminActions, getUserAdminsActions } from '$lib/services/user-admin.service';
  import { locale } from '$lib/stores/preferences.store';
  import { getByteUnitString } from '$lib/utils/byte-units';
  import { searchUsersAdmin, type UserAdminResponseDto } from '@immich/sdk';
  import {
-    Button,
    CommandPaletteDefaultProvider,
    Container,
+    ContextMenuButton,
    Icon,
+    Link,
+    MenuItemType,
    Table,
    TableBody,
    TableCell,
@@ -46,11 +49,16 @@

  const { Create } = $derived(getUserAdminsActions($t));

+  const getActionsForUser = (user: UserAdminResponseDto) => {
+    const { Detail, Update, Delete, ResetPassword, ResetPinCode } = getUserAdminActions($t, user);
+    return [Detail, Update, ResetPassword, ResetPinCode, MenuItemType.Divider, Delete];
+  };
+
  const classes = {
-    column1: 'w-8/12 sm:w-5/12 lg:w-6/12 xl:w-4/12 2xl:w-5/12',
-    column2: 'hidden sm:block w-3/12',
-    column3: 'hidden xl:block w-3/12 2xl:w-2/12',
-    column4: 'w-4/12 lg:w-3/12 xl:w-2/12',
+    column1: 'w-8/12 md:w-5/12 lg:w-4/12',
+    column2: 'hidden md:block md:w-5/12 lg:w-4/12',
+    column3: 'hidden lg:block lg:w-2/12',
+    column4: 'w-4/12 md:w-2/12 flex justify-end',
  };
 </script>

@@ -68,16 +76,18 @@
  <Container center size="large">
    <Table class="mt-4" striped spacing="small" size="small">
      <TableHeader>
-        <TableHeading class={classes.column1}>{$t('email')}</TableHeading>
-        <TableHeading class={classes.column2}>{$t('name')}</TableHeading>
+        <TableHeading class={classes.column1}>{$t('name')}</TableHeading>
+        <TableHeading class={classes.column2}>{$t('email')}</TableHeading>
        <TableHeading class={classes.column3}>{$t('has_quota')}</TableHeading>
      </TableHeader>

      <TableBody>
        {#each users as user (user.id)}
          <TableRow color={user.deletedAt ? 'danger' : undefined}>
-            <TableCell class={classes.column1}>{user.email}</TableCell>
-            <TableCell class={classes.column2}>{user.name}</TableCell>
+            <TableCell class={classes.column1}>
+              <Link href={Route.viewUser(user)}>{user.name}</Link>
+            </TableCell>
+            <TableCell class={classes.column2}>{user.email}</TableCell>
            <TableCell class={classes.column3}>
              <div class="container mx-auto flex flex-wrap justify-center">
                {#if user.quotaSizeInBytes !== null && user.quotaSizeInBytes >= 0}
@@ -88,7 +98,7 @@
              </div>
            </TableCell>
            <TableCell class={classes.column4}>
-              <Button onclick={() => handleNavigateUserAdmin(user)}>{$t('view')}</Button>
+              <ContextMenuButton color="primary" aria-label={$t('open')} items={getActionsForUser(user)} />
            </TableCell>
          </TableRow>
        {/each}
--- a/web/src/routes/admin/users/[id]/+layout.svelte
+++ b/web/src/routes/admin/users/[id]/+layout.svelte
@@ -198,8 +198,8 @@
              })}
            >
              <p class="font-medium text-immich-dark-gray dark:text-white mb-2">{$t('storage')}</p>
-              <div class="mt-4 h-[7px] w-full rounded-full bg-gray-200 dark:bg-gray-700">
-                <div class="h-[7px] rounded-full {getUsageClass()}" style="width: {usedPercentage}%"></div>
+              <div class="mt-4 h-1.75 w-full rounded-full bg-gray-200 dark:bg-gray-700">
+                <div class="h-1.75 rounded-full {getUsageClass()}" style="width: {usedPercentage}%"></div>
              </div>
            </div>
          {/if}
Author	SHA1	Message	Date
Mees Frensel	5404ebe034	fix(server): scoped permissions for more endpoints	2026-01-22 16:38:22 +01:00
Alex	7cbfc12e0d	chore: use context menu for user table (#25428 ) * chore: use context menu for user table * chore: reorder columns --------- Co-authored-by: Jason Rasmussen <jason@rasm.me>	2026-01-22 07:44:08 -05:00
Mees Frensel	c320146538	fix: add scoped API permissions to map endpoints (#25423 )	2026-01-22 07:43:29 -05:00
solluh	3304c8efd8	docs: update README_de_DE.md (#25443 )	2026-01-22 12:55:44 +01:00
Daniel Dietzler	2dcb4efc40	fix: lock tags column on update (#25435 )	2026-01-21 21:20:05 -05:00