From 160dac109dafae19f2aae1e14bcc1126cff3c2cb Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Sat, 28 May 2022 16:53:03 -0500
Subject: [PATCH] Add:User permission restrict explicit content #637

---
 client/components/modals/AccountModal.vue |  9 +++++++++
 server/Auth.js                            |  1 -
 server/controllers/LibraryController.js   |  5 ++---
 server/controllers/PodcastController.js   |  7 +------
 server/objects/user/User.js               | 13 +++++++------
 5 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/client/components/modals/AccountModal.vue b/client/components/modals/AccountModal.vue
index 59180952..8f572b22 100644
--- a/client/components/modals/AccountModal.vue
+++ b/client/components/modals/AccountModal.vue
@@ -65,6 +65,15 @@
               </div>
             </div>
 
+            <div class="flex items-center my-2 max-w-md">
+              <div class="w-1/2">
+                <p>Can Access Explicit Content</p>
+              </div>
+              <div class="w-1/2">
+                <ui-toggle-switch v-model="newUser.permissions.accessExplicitContent" />
+              </div>
+            </div>
+
             <div class="flex items-center my-2 max-w-md">
               <div class="w-1/2">
                 <p>Can Access All Libraries</p>
diff --git a/server/Auth.js b/server/Auth.js
index 1548854b..08198169 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -104,7 +104,6 @@ class Auth {
   async login(req, res) {
     var username = (req.body.username || '').toLowerCase()
     var password = req.body.password || ''
-    Logger.debug('Check Auth', username, !!password)
 
     var user = this.users.find(u => u.username.toLowerCase() === username)
 
diff --git a/server/controllers/LibraryController.js b/server/controllers/LibraryController.js
index 02ed2629..281e6e31 100644
--- a/server/controllers/LibraryController.js
+++ b/server/controllers/LibraryController.js
@@ -485,8 +485,7 @@ class LibraryController {
   }
 
   middleware(req, res, next) {
-    var librariesAccessible = req.user.librariesAccessible || []
-    if (librariesAccessible && librariesAccessible.length && !librariesAccessible.includes(req.params.id)) {
+    if (!req.user.checkCanAccessLibrary(req.params.id)) {
       Logger.warn(`[LibraryController] Library ${req.params.id} not accessible to user ${req.user.username}`)
       return res.sendStatus(404)
     }
@@ -497,7 +496,7 @@ class LibraryController {
     }
     req.library = library
     req.libraryItems = this.db.libraryItems.filter(li => {
-      return li.libraryId === library.id && req.user.checkCanAccessLibraryItemWithTags(li.media.tags)
+      return li.libraryId === library.id && req.user.checkCanAccessLibraryItem(li)
     })
     next()
   }
diff --git a/server/controllers/PodcastController.js b/server/controllers/PodcastController.js
index 41ab8f11..0a0d9fe0 100644
--- a/server/controllers/PodcastController.js
+++ b/server/controllers/PodcastController.js
@@ -225,13 +225,8 @@ class PodcastController {
       return res.sendStatus(500)
     }
 
-    // Check user can access this library
-    if (!req.user.checkCanAccessLibrary(item.libraryId)) {
-      return res.sendStatus(403)
-    }
-
     // Check user can access this library item
-    if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
+    if (!req.user.checkCanAccessLibraryItem(item)) {
       return res.sendStatus(403)
     }
 
diff --git a/server/objects/user/User.js b/server/objects/user/User.js
index ea1432e7..e213c661 100644
--- a/server/objects/user/User.js
+++ b/server/objects/user/User.js
@@ -51,11 +51,8 @@ class User {
   get canUpload() {
     return !!this.permissions.upload && this.isActive
   }
-  get canAccessAllLibraries() {
-    return !!this.permissions.accessAllLibraries && this.isActive
-  }
-  get canAccessAllTags() {
-    return !!this.permissions.accessAllTags && this.isActive
+  get canAccessExplicitContent() {
+    return !!this.permissions.accessExplicitContent && this.isActive
   }
   get hasPw() {
     return !!this.pash && !!this.pash.length
@@ -82,7 +79,8 @@ class User {
       delete: this.type === 'root',
       upload: this.type === 'root' || this.type === 'admin',
       accessAllLibraries: true,
-      accessAllTags: true
+      accessAllTags: true,
+      accessExplicitContent: true
     }
   }
 
@@ -176,6 +174,8 @@ class User {
     if (this.permissions.accessAllLibraries === undefined) this.permissions.accessAllLibraries = true
     // Library restriction permissions added v2.0, defaults to all libraries
     if (this.permissions.accessAllTags === undefined) this.permissions.accessAllTags = true
+    // Explicit content restriction permission added v2.0.18
+    if (this.permissions.accessExplicitContent === undefined) this.permissions.accessExplicitContent = true
 
     this.librariesAccessible = [...(user.librariesAccessible || [])]
     this.itemTagsAccessible = [...(user.itemTagsAccessible || [])]
@@ -343,6 +343,7 @@ class User {
 
   checkCanAccessLibraryItem(libraryItem) {
     if (!this.checkCanAccessLibrary(libraryItem.libraryId)) return false
+    if (libraryItem.media.metadata.explicit && !this.canAccessExplicitContent) return false
     return this.checkCanAccessLibraryItemWithTags(libraryItem.media.tags)
   }