fix: add a sequence column to asset edits

fix(web): don't show ocr button on panoramas (#25450 )
chore: revert mise-action bump (#25451 )
2026-01-22 09:28:56 -08:00 · 2026-01-22 11:14:01 -06:00 · 2026-01-22 10:07:05 -06:00 · 2026-01-22 16:53:14 +01:00 · 2026-01-22 07:44:08 -05:00 · 2026-01-22 07:43:29 -05:00
18 changed files with 107 additions and 36 deletions
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -131,7 +131,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Load parameters
        id: parameters
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -29,7 +29,7 @@ jobs:
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@b868e6e7c8cc212beec876330b4059e661ee44bb # use-mise-action-v1.1.1
+        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Destroy Docs Subdomain
        env:
--- a/mobile/openapi/lib/model/permission.dart
+++ b/mobile/openapi/lib/model/permission.dart
@@ -82,6 +82,8 @@ class Permission {
  static const timelinePeriodRead = Permission._(r'timeline.read');
  static const timelinePeriodDownload = Permission._(r'timeline.download');
  static const maintenance = Permission._(r'maintenance');
+  static const mapPeriodRead = Permission._(r'map.read');
+  static const mapPeriodSearch = Permission._(r'map.search');
  static const memoryPeriodCreate = Permission._(r'memory.create');
  static const memoryPeriodRead = Permission._(r'memory.read');
  static const memoryPeriodUpdate = Permission._(r'memory.update');
@@ -238,6 +240,8 @@ class Permission {
    timelinePeriodRead,
    timelinePeriodDownload,
    maintenance,
+    mapPeriodRead,
+    mapPeriodSearch,
    memoryPeriodCreate,
    memoryPeriodRead,
    memoryPeriodUpdate,
@@ -429,6 +433,8 @@ class PermissionTypeTransformer {
        case r'timeline.read': return Permission.timelinePeriodRead;
        case r'timeline.download': return Permission.timelinePeriodDownload;
        case r'maintenance': return Permission.maintenance;
+        case r'map.read': return Permission.mapPeriodRead;
+        case r'map.search': return Permission.mapPeriodSearch;
        case r'memory.create': return Permission.memoryPeriodCreate;
        case r'memory.read': return Permission.memoryPeriodRead;
        case r'memory.update': return Permission.memoryPeriodUpdate;
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -6305,6 +6305,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "map.read",
        "x-immich-state": "Stable"
      }
    },
@@ -6376,6 +6377,7 @@
            "state": "Stable"
          }
        ],
+        "x-immich-permission": "map.search",
        "x-immich-state": "Stable"
      }
    },
@@ -18966,6 +18968,8 @@
          "timeline.read",
          "timeline.download",
          "maintenance",
+          "map.read",
+          "map.search",
          "memory.create",
          "memory.read",
          "memory.update",
--- a/open-api/typescript-sdk/src/fetch-client.ts
+++ b/open-api/typescript-sdk/src/fetch-client.ts
@@ -5534,6 +5534,8 @@ export enum Permission {
    TimelineRead = "timeline.read",
    TimelineDownload = "timeline.download",
    Maintenance = "maintenance",
+    MapRead = "map.read",
+    MapSearch = "map.search",
    MemoryCreate = "memory.create",
    MemoryRead = "memory.read",
    MemoryUpdate = "memory.update",
--- a/readme_i18n/README_de_DE.md
+++ b/readme_i18n/README_de_DE.md
@@ -38,11 +38,6 @@
  <a href="README_th_TH.md">ภาษาไทย</a>
 </p>

-## Warnung
-
- ⚠️ Das Projekt befindet sich in **sehr aktiver** Entwicklung.
- ⚠️ Gehe von möglichen Fehlern und von Änderungen mit Breaking-Changes aus.
- ⚠️ **Nutze die App auf keinen Fall als einziges Speichermedium für deine Fotos und Videos.**
 - ⚠️ Befolge immer die [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) Backup-Regel für deine wertvollen Fotos und Videos!

 > [!NOTE]
@@ -62,7 +57,7 @@

 ## Demo

-Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Handy-App kannst Du `https://demo.immich.app` als `Server Endpoint URL` angeben.
+Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Smartphone-App kannst Du `https://demo.immich.app` als `Server Endpoint URL` angeben.

 ### Login Daten

@@ -93,7 +88,7 @@ Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Handy-App
 | LivePhoto/MotionPhoto Sicherung und Wiedergabe       | Ja     | Ja    |
 | Unterstützung für 360-Grad-Bilder     	             | Nein   | Ja    |
 | Benutzerdefinierte Speicherstruktur                  | Ja     | Ja    |
-| Öffentliches Teilen                                  | Nein   | Ja    |
+| Öffentliches Teilen                                  | Ja     | Ja    |
 | Archiv und Favoriten                                 | Ja     | Ja    |
 | Globale Karte                                        | Ja     | Ja    |
 | Partnerfreigabe (Teilen)                             | Ja     | Ja    |
@@ -103,7 +98,7 @@ Die Web-Demo kannst Du unter https://demo.immich.app finden. Für die Handy-App
 | Schreibgeschützte Gallerie                           | Ja     | Ja    |
 | Gestapelte Bilder                                    | Ja     | Ja    |
 | Tags                                                 | Nein   | Ja    |
-| Ordner-Ansicht                                       | Nein   | Ja    |
+| Ordner-Ansicht                                       | Ja     | Ja    |


 ## Übersetzungen
--- a/server/src/controllers/map.controller.ts
+++ b/server/src/controllers/map.controller.ts
@@ -8,7 +8,7 @@ import {
  MapReverseGeocodeDto,
  MapReverseGeocodeResponseDto,
 } from 'src/dtos/map.dto';
-import { ApiTag } from 'src/enum';
+import { ApiTag, Permission } from 'src/enum';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { MapService } from 'src/services/map.service';

@@ -18,7 +18,7 @@ export class MapController {
  constructor(private service: MapService) {}

  @Get('markers')
-  @Authenticated()
+  @Authenticated({ permission: Permission.MapRead })
  @Endpoint({
    summary: 'Retrieve map markers',
    description: 'Retrieve a list of latitude and longitude coordinates for every asset with location data.',
@@ -28,8 +28,8 @@ export class MapController {
    return this.service.getMapMarkers(auth, options);
  }

-  @Authenticated()
  @Get('reverse-geocode')
+  @Authenticated({ permission: Permission.MapSearch })
  @HttpCode(HttpStatus.OK)
  @Endpoint({
    summary: 'Reverse geocode coordinates',
--- a/server/src/enum.ts
+++ b/server/src/enum.ts
@@ -160,6 +160,9 @@ export enum Permission {

  Maintenance = 'maintenance',

+  MapRead = 'map.read',
+  MapSearch = 'map.search',
+
  MemoryCreate = 'memory.create',
  MemoryRead = 'memory.read',
  MemoryUpdate = 'memory.update',
--- a/server/src/repositories/asset-edit.repository.ts
+++ b/server/src/repositories/asset-edit.repository.ts
@@ -19,7 +19,7 @@ export class AssetEditRepository {
      if (edits.length > 0) {
        return trx
          .insertInto('asset_edit')
-          .values(edits.map((edit) => ({ assetId, ...edit })))
+          .values(edits.map((edit, i) => ({ assetId, ...edit, sequence: i })))
          .returning(['action', 'parameters'])
          .execute() as Promise<AssetEditActionItem[]>;
      }
@@ -36,6 +36,7 @@ export class AssetEditRepository {
      .selectFrom('asset_edit')
      .select(['action', 'parameters'])
      .where('assetId', '=', assetId)
+      .orderBy('sequence', 'asc')
      .execute() as Promise<AssetEditActionItem[]>;
  }
 }
--- a/server/src/schema/migrations/1769101562085-AddSequenceToAssetEdits.ts
+++ b/server/src/schema/migrations/1769101562085-AddSequenceToAssetEdits.ts
@@ -0,0 +1,9 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "asset_edit" ADD "sequence" integer NOT NULL DEFAULT 0;`.execute(db);
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "asset_edit" DROP COLUMN "sequence";`.execute(db);
+}
--- a/server/src/schema/tables/asset-edit.table.ts
+++ b/server/src/schema/tables/asset-edit.table.ts
@@ -31,4 +31,7 @@ export class AssetEditTable<T extends AssetEditAction = AssetEditAction> {

  @Column({ type: 'jsonb' })
  parameters!: AssetEditActionParameter[T];
+
+  @Column({ type: 'integer', default: 0 })
+  sequence!: number;
 }
--- a/server/src/services/tag.service.spec.ts
+++ b/server/src/services/tag.service.spec.ts
@@ -206,15 +206,15 @@ describe(TagService.name, () => {
        count: 6,
      });
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-1', tags: ['tag-1', 'tag-2'] },
+        { assetId: 'asset-1', lockedProperties: ['tags'], tags: ['tag-1', 'tag-2'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-2', tags: ['tag-1', 'tag-2'] },
+        { assetId: 'asset-2', lockedProperties: ['tags'], tags: ['tag-1', 'tag-2'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-3', tags: ['tag-1', 'tag-2'] },
+        { assetId: 'asset-3', lockedProperties: ['tags'], tags: ['tag-1', 'tag-2'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.tag.upsertAssetIds).toHaveBeenCalledWith([
@@ -255,11 +255,11 @@ describe(TagService.name, () => {
      ]);

      expect(mocks.asset.upsertExif).not.toHaveBeenCalledWith(
-        { assetId: 'asset-1', tags: ['tag-1'] },
+        { assetId: 'asset-1', lockedProperties: ['tags'], tags: ['tag-1'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
-        { assetId: 'asset-2', tags: ['tag-1'] },
+        { assetId: 'asset-2', lockedProperties: ['tags'], tags: ['tag-1'] },
        { lockedPropertiesBehavior: 'append' },
      );
      expect(mocks.tag.getAssetIds).toHaveBeenCalledWith('tag-1', ['asset-1', 'asset-2']);
--- a/server/src/services/tag.service.ts
+++ b/server/src/services/tag.service.ts
@@ -16,6 +16,7 @@ import { JobName, JobStatus, Permission, QueueName } from 'src/enum';
 import { TagAssetTable } from 'src/schema/tables/tag-asset.table';
 import { BaseService } from 'src/services/base.service';
 import { addAssets, removeAssets } from 'src/utils/asset.util';
+import { updateLockedColumns } from 'src/utils/database';
 import { upsertTags } from 'src/utils/tag';

@Injectable()
@@ -152,7 +153,7 @@ export class TagService extends BaseService {
  private async updateTags(assetId: string) {
    const asset = await this.assetRepository.getById(assetId, { tags: true });
    await this.assetRepository.upsertExif(
-      { assetId, tags: asset?.tags?.map(({ value }) => value) ?? [] },
+      updateLockedColumns({ assetId, tags: asset?.tags?.map(({ value }) => value) ?? [] }),
      { lockedPropertiesBehavior: 'append' },
    );
  }
--- a/server/test/medium/specs/services/tag.service.spec.ts
+++ b/server/test/medium/specs/services/tag.service.spec.ts
@@ -1,12 +1,15 @@
 import { Kysely } from 'kysely';
 import { JobStatus } from 'src/enum';
 import { AccessRepository } from 'src/repositories/access.repository';
+import { AssetRepository } from 'src/repositories/asset.repository';
+import { EventRepository } from 'src/repositories/event.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { TagRepository } from 'src/repositories/tag.repository';
 import { DB } from 'src/schema';
 import { TagService } from 'src/services/tag.service';
 import { upsertTags } from 'src/utils/tag';
 import { newMediumService } from 'test/medium.factory';
+import { factory } from 'test/small.factory';
 import { getKyselyDB } from 'test/utils';

 let defaultDatabase: Kysely<DB>;
@@ -14,8 +17,8 @@ let defaultDatabase: Kysely<DB>;
 const setup = (db?: Kysely<DB>) => {
  return newMediumService(TagService, {
    database: db || defaultDatabase,
-    real: [TagRepository, AccessRepository],
-    mock: [LoggingRepository],
+    real: [AssetRepository, TagRepository, AccessRepository],
+    mock: [EventRepository, LoggingRepository],
  });
 };

@@ -24,6 +27,32 @@ beforeAll(async () => {
 });

 describe(TagService.name, () => {
+  describe('addAssets', () => {
+    it('should lock exif column', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(EventRepository).emit.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      const [tag] = await upsertTags(ctx.get(TagRepository), { userId: user.id, tags: ['tag-1'] });
+      const authDto = factory.auth({ user });
+
+      await sut.addAssets(authDto, tag.id, { ids: [asset.id] });
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select(['lockedProperties', 'tags'])
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({
+        lockedProperties: ['tags'],
+        tags: ['tag-1'],
+      });
+      await expect(ctx.get(TagRepository).getByValue(user.id, 'tag-1')).resolves.toEqual(
+        expect.objectContaining({ id: tag.id }),
+      );
+      await expect(ctx.get(TagRepository).getAssetIds(tag.id, [asset.id])).resolves.toContain(asset.id);
+    });
+  });
  describe('deleteEmptyTags', () => {
    it('single tag exists, not connected to any assets, and is deleted', async () => {
      const { sut, ctx } = setup();
--- a/web/src/lib/components/asset-viewer/asset-viewer.svelte
+++ b/web/src/lib/components/asset-viewer/asset-viewer.svelte
@@ -431,6 +431,7 @@
  const showOcrButton = $derived(
    $slideshowState === SlideshowState.None &&
      asset.type === AssetTypeEnum.Image &&
+      !(asset.exifInfo?.projectionType === 'EQUIRECTANGULAR') &&
      !isShowEditor &&
      ocrManager.hasOcrData,
  );
--- a/web/src/lib/services/user-admin.service.ts
+++ b/web/src/lib/services/user-admin.service.ts
@@ -23,6 +23,7 @@ import {
 import { modalManager, toastManager, type ActionItem } from '@immich/ui';
 import {
  mdiDeleteRestore,
+  mdiInformationOutline,
  mdiLockReset,
  mdiLockSmart,
  mdiPencilOutline,
@@ -46,6 +47,12 @@ export const getUserAdminsActions = ($t: MessageFormatter) => {
 };

 export const getUserAdminActions = ($t: MessageFormatter, user: UserAdminResponseDto) => {
+  const Detail: ActionItem = {
+    icon: mdiInformationOutline,
+    title: $t('details'),
+    onAction: () => goto(Route.viewUser(user)),
+  };
+
  const Update: ActionItem = {
    icon: mdiPencilOutline,
    title: $t('edit'),
@@ -92,7 +99,7 @@ export const getUserAdminActions = ($t: MessageFormatter, user: UserAdminRespons
    onAction: () => handleResetPinCodeUserAdmin(user),
  };

-  return { Update, Delete, Restore, ResetPassword, ResetPinCode };
+  return { Detail, Update, Delete, Restore, ResetPassword, ResetPinCode };
 };

 export const handleCreateUserAdmin = async (dto: UserAdminCreateDto) => {
--- a/web/src/routes/admin/users/(list)/+layout.svelte
+++ b/web/src/routes/admin/users/(list)/+layout.svelte
@@ -1,15 +1,18 @@
 <script lang="ts">
  import AdminPageLayout from '$lib/components/layouts/AdminPageLayout.svelte';
  import OnEvents from '$lib/components/OnEvents.svelte';
-  import { getUserAdminsActions, handleNavigateUserAdmin } from '$lib/services/user-admin.service';
+  import { Route } from '$lib/route';
+  import { getUserAdminActions, getUserAdminsActions } from '$lib/services/user-admin.service';
  import { locale } from '$lib/stores/preferences.store';
  import { getByteUnitString } from '$lib/utils/byte-units';
  import { searchUsersAdmin, type UserAdminResponseDto } from '@immich/sdk';
  import {
-    Button,
    CommandPaletteDefaultProvider,
    Container,
+    ContextMenuButton,
    Icon,
+    Link,
+    MenuItemType,
    Table,
    TableBody,
    TableCell,
@@ -46,11 +49,16 @@

  const { Create } = $derived(getUserAdminsActions($t));

+  const getActionsForUser = (user: UserAdminResponseDto) => {
+    const { Detail, Update, Delete, ResetPassword, ResetPinCode } = getUserAdminActions($t, user);
+    return [Detail, Update, ResetPassword, ResetPinCode, MenuItemType.Divider, Delete];
+  };
+
  const classes = {
-    column1: 'w-8/12 sm:w-5/12 lg:w-6/12 xl:w-4/12 2xl:w-5/12',
-    column2: 'hidden sm:block w-3/12',
-    column3: 'hidden xl:block w-3/12 2xl:w-2/12',
-    column4: 'w-4/12 lg:w-3/12 xl:w-2/12',
+    column1: 'w-8/12 md:w-5/12 lg:w-4/12',
+    column2: 'hidden md:block md:w-5/12 lg:w-4/12',
+    column3: 'hidden lg:block lg:w-2/12',
+    column4: 'w-4/12 md:w-2/12 flex justify-end',
  };
 </script>

@@ -68,16 +76,18 @@
  <Container center size="large">
    <Table class="mt-4" striped spacing="small" size="small">
      <TableHeader>
-        <TableHeading class={classes.column1}>{$t('email')}</TableHeading>
-        <TableHeading class={classes.column2}>{$t('name')}</TableHeading>
+        <TableHeading class={classes.column1}>{$t('name')}</TableHeading>
+        <TableHeading class={classes.column2}>{$t('email')}</TableHeading>
        <TableHeading class={classes.column3}>{$t('has_quota')}</TableHeading>
      </TableHeader>

      <TableBody>
        {#each users as user (user.id)}
          <TableRow color={user.deletedAt ? 'danger' : undefined}>
-            <TableCell class={classes.column1}>{user.email}</TableCell>
-            <TableCell class={classes.column2}>{user.name}</TableCell>
+            <TableCell class={classes.column1}>
+              <Link href={Route.viewUser(user)}>{user.name}</Link>
+            </TableCell>
+            <TableCell class={classes.column2}>{user.email}</TableCell>
            <TableCell class={classes.column3}>
              <div class="container mx-auto flex flex-wrap justify-center">
                {#if user.quotaSizeInBytes !== null && user.quotaSizeInBytes >= 0}
@@ -88,7 +98,7 @@
              </div>
            </TableCell>
            <TableCell class={classes.column4}>
-              <Button onclick={() => handleNavigateUserAdmin(user)}>{$t('view')}</Button>
+              <ContextMenuButton color="primary" aria-label={$t('open')} items={getActionsForUser(user)} />
            </TableCell>
          </TableRow>
        {/each}
--- a/web/src/routes/admin/users/[id]/+layout.svelte
+++ b/web/src/routes/admin/users/[id]/+layout.svelte
@@ -198,8 +198,8 @@
              })}
            >
              <p class="font-medium text-immich-dark-gray dark:text-white mb-2">{$t('storage')}</p>
-              <div class="mt-4 h-[7px] w-full rounded-full bg-gray-200 dark:bg-gray-700">
-                <div class="h-[7px] rounded-full {getUsageClass()}" style="width: {usedPercentage}%"></div>
+              <div class="mt-4 h-1.75 w-full rounded-full bg-gray-200 dark:bg-gray-700">
+                <div class="h-1.75 rounded-full {getUsageClass()}" style="width: {usedPercentage}%"></div>
              </div>
            </div>
          {/if}
Author	SHA1	Message	Date
bwees	ab06f38c78	fix: add a sequence column to asset edits	2026-01-22 11:14:01 -06:00
Mees Frensel	78f400305b	fix(web): don't show ocr button on panoramas (#25450 )	2026-01-22 10:07:05 -06:00
bo0tzz	55477a8a1a	chore: revert mise-action bump (#25451 )	2026-01-22 16:53:14 +01:00
Alex	7cbfc12e0d	chore: use context menu for user table (#25428 ) * chore: use context menu for user table * chore: reorder columns --------- Co-authored-by: Jason Rasmussen <jason@rasm.me>	2026-01-22 07:44:08 -05:00
Mees Frensel	c320146538	fix: add scoped API permissions to map endpoints (#25423 )	2026-01-22 07:43:29 -05:00
solluh	3304c8efd8	docs: update README_de_DE.md (#25443 )	2026-01-22 12:55:44 +01:00
Daniel Dietzler	2dcb4efc40	fix: lock tags column on update (#25435 )	2026-01-21 21:20:05 -05:00