From 0bb80e92940834e1f9b42513b2231b1ddb1d23d6 Mon Sep 17 00:00:00 2001
From: AppleTheGolden <scotsbox@protonmail.com>
Date: Thu, 21 May 2026 00:27:25 +0200
Subject: [PATCH] auth: read (and admin) implies get (#1485)

and hides redundant get-permission in webui; closes #1483
---
 copyparty/authsrv.py     |  3 ++-
 copyparty/httpcli.py     |  1 +
 copyparty/web/browser.js | 12 +++++++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 38e1c9e2..a1e18680 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -1663,7 +1663,8 @@ class AuthSrv(object):
             for alias, mapping in [
                 ("h", "gh"),
                 ("G", "gG"),
-                ("A", "rwmda.A"),
+                ("r", "g"),
+                ("A", "rgwmda.A"),
             ]:
                 expanded = ""
                 for ch in mapping:
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index d8df0715..e4cd6a36 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -6443,6 +6443,7 @@ class HttpCli(object):
         s_wr = "write" in req["perms"]
         s_get = "get" in req["perms"]
         s_dot = "dot" in req["perms"]
+        # will_read, will_write, will_move, will_del, will_get
         s_axs = [s_rd, s_wr, False, False, s_get]
         s_axsd = s_axs + [s_dot]
 
diff --git a/copyparty/web/browser.js b/copyparty/web/browser.js
index 57685423..637edb69 100644
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
@@ -4145,6 +4145,8 @@ var fileman = (function () {
 			if (this.textContent == 'write-only')
 				for (var a = 0; a < pbtns.length; a++)
 					clmod(pbtns[a], 'on', pbtns[a].textContent == 'write');
+			if (this.textContent == 'get' && clgot(this, 'on') && has(perms, 'read'))
+				clmod(pbtns[0], 'on');
 		}
 		clmod(pbtns[0], 'on', 1);
 
@@ -8033,12 +8035,17 @@ function apply_perms(res) {
 	a.style.display = '';
 	tt.att(QS('#ops'));
 
+	var v_perms = perms.slice(0);
+	var have_read = has(perms, 'read');
+	if (have_read)
+		apop(v_perms, 'get');
+
 	for (var a = 0; a < chk.length; a++)
-		if (has(perms, chk[a]))
+		if (has(v_perms, chk[a]))
 			axs.push(chk[a].slice(0, 1).toUpperCase() + chk[a].slice(1));
 
 	axs = axs.join('-');
-	if (perms.length == 1) {
+	if (v_perms.length == 1) {
 		aclass = ' class="warn">';
 		axs += '-Only';
 	}
@@ -8080,7 +8087,6 @@ function apply_perms(res) {
 	document.body.setAttribute('perms', perms.join(' '));
 
 	var have_write = has(perms, "write"),
-		have_read = has(perms, "read"),
 		de = document.documentElement,
 		tds = QSA('#u2conf td');