Permission Issue

[caffeineaddiction]

I am running a podman container w/ the following config:

podman run \
  -d --name audiobookshelf \
  -e AUDIOBOOKSHELF_UID=1000 \
  -e AUDIOBOOKSHELF_GID=1000 \
  -p 8001:80 \
  -v /opt/containers/audiobookshelf/config:/config \
  -v /opt/containers/audiobookshelf/meta:/metadata \
  -v /opt/_data/SHARED/sync/MP3_Books:/audiobooks \
  -v /opt/_data/SHARED/sync/Podcasts:/podcasts \
  ghcr.io/advplyr/audiobookshelf:latest

$ ls -lah
total 20K
drwxr-xr-x  4 root   root   4.0K Sep 23 19:57 ./
drwxr-xr-x  9 root   root   4.0K Aug 31 17:38 ../
drwxrwxr-x 11 podman podman 4.0K Sep 23 20:05 config/
drwxrwxr-x  8 podman podman 4.0K Sep 23 19:59 meta/
-rwxr-xr-x  1 root   root    433 Sep 23 19:57 run.sh*

For some reason I am able to create collections, but I cant change the order of the books in the collection. Also while I can listen to a book and let the player timeout at the end (which will mark it as finished), I cant mark books as finished or not finished. Finally, if I go into settings and change something it says I successfully made the change ... but if I refresh the page the setting reverts.

Anyone have any ideas on how I jacked up the permission-ing to accomplish this?

[caffeineaddiction]

browser console was complaining about error 403 (forbidden)

issue was that Mod Security my web application firewall was freaking out cause PATCH method was being used:

"producer":{"modsecurity":"ModSecurity v3.0.7 (Linux)","connector":"ModSecurity-nginx v1.0.3","secrules_engine":"Enabled","components":["OWASP_CRS/4.0.0-rc1""]},"messages":[{"message":"Method is not allowed by policy","details":{"match":"Matched "Operator Within' with parameter GET HEAD POST OPTIONS' against variable REQUEST_METHOD' (Value: PATCH' )","reference":"v0,5","ruleId":"911100"

https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.3/dev/rules/REQUEST-949-BLOCKING-EVALUATION.conf#L81

This can be solved by adding the following line in the modsecurity.conf file: SecRuleRemoveById 94911