4.9 KiB
Users & Requests
Configure in Settings → Users & Requests.
Authentication Methods
Shelfmark supports four authentication methods, configured in Settings → Security.
Local
You create user accounts directly in Shelfmark with a username and password. At least one local admin account must exist before this mode can be enabled.
Proxy Authentication
Your reverse proxy handles authentication and passes the username to Shelfmark via a header (e.g. Remote-User). Accounts are created automatically on first sign-in. If a local user with the same username already exists, the proxy identity will be linked to that account rather than creating a duplicate. Admin status can optionally be derived from a groups header.
OIDC (OpenID Connect)
Users sign in through your identity provider. Accounts are created automatically on first login (unless auto-provisioning is disabled, in which case you need to pre-create them). If a local user with a matching verified email already exists, the OIDC identity will be linked to that account on first sign-in. Admin status can optionally be derived from a group claim.
A local admin account is required as a fallback. See OIDC for provider setup.
Calibre-Web Database
User accounts are synced from your Calibre-Web app.db. If a local user with a matching email already exists, the CWA identity will be linked to that account. Roles are kept in sync with CWA. Users removed from CWA are cleaned up on the next sync.
Requires mounting your Calibre-Web app.db to /auth/app.db.
Per-User Settings
Admins can configure per-user settings by editing a user in the user management panel. Non-admin users can also edit their own settings through My Account (accessible from the user menu). Admins control which sections are visible in My Account via the Visible Self-Settings Sections option.
There are three categories of per-user settings:
Delivery Preferences
Override where a user's downloads are sent. Options depend on the global output mode configuration:
- Output mode — Folder, Email (SMTP), or BookLore (API)
- Destination — A custom folder path for this user's ebook downloads
- Audiobook destination — A custom folder path for audiobook downloads
- BookLore library/path — Per-user BookLore target (when using BookLore output mode)
- Email recipient — Per-user email address (when using Email output mode)
Notifications
Users can configure personal notification routes, separate from the global notification settings. Each route targets a URL (e.g. an Apprise-compatible endpoint) and can be scoped to specific event types or all events.
Request Policy (admin-only)
Admins can override the default ebook/audiobook modes and request rules for individual users. See Per-User Overrides below.
Requests
The request system controls whether users can download directly or need admin approval first.
Policy Modes
Each content type (ebook, audiobook) has a default mode that sets the baseline:
| Mode | Behaviour |
|---|---|
| Download | Users download directly, no approval needed |
| Request Release | Users pick a specific release, then submit it for admin approval |
| Request Book | Users request the book itself — an admin picks the release and fulfils it |
| Blocked | No downloads or requests allowed |
Settings
| Setting | Description | Default |
|---|---|---|
| Enable Requests | Master toggle. When off, everyone downloads directly | Off |
| Default Ebook Mode | Baseline mode for all ebook sources | Download |
| Default Audiobook Mode | Baseline mode for all audiobook sources | Download |
| Request Rules | Per-source overrides (see below) | None |
| Max Pending Requests Per User | Open request limit per user | 20 |
| Allow Notes on Requests | Let users attach a note when submitting | On |
Request Rules
The rules matrix lets you override the mode for specific source + content type combinations. Rules can only be equal to or more restrictive than the content-type default — they cannot grant more access than the baseline.
For example, if the default ebook mode is "Download", a rule can restrict a specific source to "Request Release" or "Blocked", but not the other way around. If no rule matches, the content-type default applies.
Per-User Overrides
Admins can override the default ebook/audiobook modes and request rules for individual users. Per-user rules are overlaid on the global rules, not replacing them.
Request Lifecycle
- User submits a request (book or release level, depending on the resolved policy mode)
- Request appears in the admin request queue as pending
- Admin either fulfils (queues a download) or rejects the request
- For fulfilled requests, delivery state is tracked through the download pipeline
- If delivery fails, an admin can reopen the request to try a different release
- Users can cancel their own pending requests