fronc commented Dec 21, 2025

Allow Admin/Owner to Opt Out of Auto-Approval

Summary

This PR implements an option for admin and owner accounts to disable auto-approval of their own requests, addressing a long-standing feature request. Admin requests can now go through the normal pending → approved flow, enabling integration with third-party tools and manual queue management.

Closes #3926


Problem

Currently, any request made by an admin or owner account is automatically approved and begins processing immediately. This behavior:

  1. Prevents wishlist functionality - Admins cannot maintain a queue of desired media
  2. Breaks third-party tool integration - Tools that intercept pending requests (for availability checking, approval workflows, etc.) cannot process admin requests
  3. Limits admin flexibility - Features are more restricted on accounts with greater permissions

Solution

Modified the permission system to treat auto-approve permissions explicitly for admin users, rather than granting them implicitly via the admin role.

Key Changes

  1. server/lib/permissions.ts

    • Added isAutoApprovePermission() helper function
    • Modified hasPermission() to NOT bypass auto-approve permission checks for admin users
    • Preserved admin bypass for all other permission types
    • Restored permissions === 0 early return for isAuthenticated() with no args
  2. server/entity/MediaRequest.ts

    • Removed Permission.MANAGE_REQUESTS from auto-approval status check
    • Admin requests now go to PENDING unless explicit auto-approve permissions are set
  3. server/routes/user/usersettings.ts

    • Added special handling for owner (ID 1) to modify their own auto-approve permissions
    • Protected all other permissions from self-modification
  4. Frontend Components

    • Updated PermissionOption to allow owner to toggle auto-approve in UI
    • Updated request modals to accurately reflect auto-approval status

Permission Behavior Matrix

| Permission Type | Admin Bypass? | Reason |
|---|---|---|
| MANAGE_* (Users, Requests, Issues) | ✅ Yes | Administrative functions |
| REQUEST*, VIEW*, CREATE* | ✅ Yes | Standard permissions |
| AUTO_APPROVE* | No | Must be explicitly granted |
| AUTO_REQUEST* | ✅ Yes | Watchlist sync permissions |

How to Use

For Admins Who Want Pending Requests

  1. Go to Settings → Users → [Your User] → Permissions
  2. Uncheck the auto-approve permissions:
    • Auto-Approve
    • Auto-Approve Movies
    • Auto-Approve Series
    • (And 4K variants if applicable)
  3. Save changes

New requests will now go to Pending status instead of being automatically approved.

For Admins Who Want Original Behavior

No action needed. Ensure auto-approve permissions remain checked (they are granted by default for new admin accounts).


Testing Performed

Functional Tests

  • Non-admin users can log in (/auth/me returns 200)
  • Admin users can log in
  • Admin with auto-approve disabled → requests go to PENDING
  • Admin with auto-approve enabled → requests auto-approve
  • Admin can still approve/reject other users' requests
  • Admin can still manage users, settings, issues
  • Owner can toggle auto-approve permissions in UI
  • Owner cannot modify other permissions on themselves
  • Notifications still work for admins

Edge Cases Verified

  • hasPermission(0, ...) returns true (any logged-in user)
  • hasPermission([], ...) returns true (empty array)
  • hasPermission([AUTO_APPROVE], ...) requires explicit bit for admin
  • hasPermission([MANAGE_REQUESTS], ...) allows admin bypass

Comprehensive Permission Audit

All permission behaviors preserved with one intentional change:

| Scenario | Expected | Verified |
|---|---|---|
| Non-admin login | Works | |
| Admin login | Works | |
| Admin creates request | Goes to PENDING (if auto-approve disabled) | |
| Admin approves others' requests | Works | |
| Admin manages users | Works | |
| Owner edits auto-approve | Can toggle | |
| Owner edits other permissions | Blocked | |
| Non-owner edits owner | Blocked | |

Breaking Changes

None. This is backwards-compatible:

  • Existing admin accounts retain their current permissions
  • Auto-approve behavior unchanged unless explicitly modified by user
  • All administrative functions continue to work
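
The permission rules described in this PR, as an added sketch that is not the project's own code: the admin bit bypasses every check except the auto-approve bits, `0` and `[]` mean "any authenticated user", and a self-edit may only change auto-approve bits. The bit values, `initialStatus` and `applySelfEdit` are assumptions made for illustration; `hasPermission` and `isAutoApprovePermission` reuse the names from the description but are reimplemented here.

```typescript
// Constructed bit values for illustration; the project's real Permission enum may differ.
const Permission = {
  ADMIN: 1 << 1,
  MANAGE_REQUESTS: 1 << 4,
  REQUEST: 1 << 5,
  AUTO_APPROVE: 1 << 7,
  AUTO_APPROVE_MOVIE: 1 << 8,
  AUTO_APPROVE_TV: 1 << 9,
} as const;

const AUTO_APPROVE_MASK: number =
  Permission.AUTO_APPROVE | Permission.AUTO_APPROVE_MOVIE | Permission.AUTO_APPROVE_TV;

// True only when every bit of p is an auto-approve bit.
function isAutoApprovePermission(p: number): boolean {
  return p !== 0 && (p & AUTO_APPROVE_MASK) === p;
}

function hasPermission(
  required: number | number[],
  userBits: number,
  type: 'and' | 'or' = 'and'
): boolean {
  const list = Array.isArray(required) ? required : [required];
  // 0 or [] means no specific permission is required.
  if (list.length === 0 || list.every((p) => p === 0)) return true;
  const isAdmin = (userBits & Permission.ADMIN) !== 0;
  // Admin bypass applies to everything except auto-approve bits,
  // which must be set explicitly on the user.
  const check = (p: number): boolean =>
    p === 0 || (isAdmin && !isAutoApprovePermission(p)) || (userBits & p) === p;
  return type === 'and' ? list.every(check) : list.some(check);
}

// Hypothetical helper: status a new request starts in.
function initialStatus(userBits: number, media: 'movie' | 'tv'): 'APPROVED' | 'PENDING' {
  const specific =
    media === 'movie' ? Permission.AUTO_APPROVE_MOVIE : Permission.AUTO_APPROVE_TV;
  return hasPermission([Permission.AUTO_APPROVE, specific], userBits, 'or')
    ? 'APPROVED'
    : 'PENDING';
}

// Hypothetical helper: an owner editing their own record keeps every
// non-auto-approve bit as it was and takes only auto-approve bits from the request.
function applySelfEdit(current: number, requested: number): number {
  return (current & ~AUTO_APPROVE_MASK) | (requested & AUTO_APPROVE_MASK);
}
```
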

…requests

Admins/owners can now disable their auto-approve permissions, allowing
their requests to enter the pending queue like regular users.

Changes:
- Modified hasPermission() to not auto-bypass for AUTO_APPROVE* permissions
- Removed MANAGE_REQUESTS from auto-approve permission checks
- Allow owner (ID 1) to modify their own auto-approve settings via API
- Updated UI to enable owner to toggle auto-approve permissions

This enables admins to opt into manual approval workflows when needed.

Fixes sct#4031
@SerenModz21

Just to let you know, Overseerr and Jellyseerr are currently in the process of merging into Seerr. As such, all development is now happening here: https://github.com/seerr-team/seerr (previously the Jellyseerr repo)

The announcement can be found on the Seerr (previously Overseerr) Discord server: https://discord.com/channels/783137440809746482/785475251231784961/1424781317471473837

Invite link: https://discord.gg/seerr

When hasPermission is called with 0 (no permission required),
return true immediately. This was accidentally removed during
the admin auto-approve fix, breaking /auth/me for non-admin users.
fronc changed the title from "fix(permissions): allow admins to disable auto-approve for their own requests" to "feat: Allow admin/owner to opt out of auto-approval" Dec 22, 2025

fronc commented Dec 22, 2025

Thanks for the heads up, @SerenModz21! I have migrated to Seerr, and also submitted the PR over there since it's the same lines that require the change. See you over there from now on!
