Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-02-20 13:53:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add:User permission restrict explicit content #637

Browse Source
This commit is contained in:
advplyr
2022-05-28 16:53:03 -05:00
parent 6be741045f
commit 160dac109d
5 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/controllers/LibraryController.js
View File

@@ -485,8 +485,7 @@ class LibraryController {
}
middleware(req, res, next) {
var librariesAccessible = req.user.librariesAccessible || []
if (librariesAccessible && librariesAccessible.length && !librariesAccessible.includes(req.params.id)) {
if (!req.user.checkCanAccessLibrary(req.params.id)) {
Logger.warn(`[LibraryController] Library ${req.params.id} not accessible to user ${req.user.username}`)
return res.sendStatus(404)
}
@@ -497,7 +496,7 @@ class LibraryController {
}
req.library = library
req.libraryItems = this.db.libraryItems.filter(li => {
return li.libraryId === library.id && req.user.checkCanAccessLibraryItemWithTags(li.media.tags)
return li.libraryId === library.id && req.user.checkCanAccessLibraryItem(li)
})
next()
}

7
server/controllers/PodcastController.js
View File

@@ -225,13 +225,8 @@ class PodcastController {
return res.sendStatus(500)
}
// Check user can access this library
if (!req.user.checkCanAccessLibrary(item.libraryId)) {
return res.sendStatus(403)
}
// Check user can access this library item
if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
if (!req.user.checkCanAccessLibraryItem(item)) {
return res.sendStatus(403)
}