From 156a4ed01d3301f70cc062f5ec4740d67716e7df Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Sun, 16 Jan 2022 13:37:32 -0600
Subject: [PATCH] Fix:Get library check user access

---
 server/controllers/LibraryController.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/controllers/LibraryController.js b/server/controllers/LibraryController.js
index e6415bee..0f6c1380 100644
--- a/server/controllers/LibraryController.js
+++ b/server/controllers/LibraryController.js
@@ -38,6 +38,12 @@ class LibraryController {
   }
 
   async findOne(req, res) {
+    var librariesAccessible = req.user.librariesAccessible || []
+    if (librariesAccessible && librariesAccessible.length && !librariesAccessible.includes(req.library.id)) {
+      Logger.warn(`[LibraryController] Library ${req.library.id} not accessible to user ${req.user.username}`)
+      return res.sendStatus(404)
+    }
+
     if (req.query.include && req.query.include === 'filterdata') {
       var books = this.db.audiobooks.filter(ab => ab.libraryId === req.library.id)
       return res.json({