Add:User permission restrict explicit content #637

client/components/modals/AccountModal.vue

@@ -65,6 +65,15 @@
               </div>
             </div>
 
+            <div class="flex items-center my-2 max-w-md">
+              <div class="w-1/2">
+                <p>Can Access Explicit Content</p>
+              </div>
+              <div class="w-1/2">
+                <ui-toggle-switch v-model="newUser.permissions.accessExplicitContent" />
+              </div>
+            </div>
+
             <div class="flex items-center my-2 max-w-md">
               <div class="w-1/2">
                 <p>Can Access All Libraries</p>

server/Auth.js

@@ -104,7 +104,6 @@ class Auth {
   async login(req, res) {
     var username = (req.body.username || '').toLowerCase()
     var password = req.body.password || ''
-    Logger.debug('Check Auth', username, !!password)
 
     var user = this.users.find(u => u.username.toLowerCase() === username)
 

server/controllers/LibraryController.js

@@ -485,8 +485,7 @@ class LibraryController {
   }
 
   middleware(req, res, next) {
-    var librariesAccessible = req.user.librariesAccessible || []
+    if (!req.user.checkCanAccessLibrary(req.params.id)) {
-    if (librariesAccessible && librariesAccessible.length && !librariesAccessible.includes(req.params.id)) {
       Logger.warn(`[LibraryController] Library ${req.params.id} not accessible to user ${req.user.username}`)
       return res.sendStatus(404)
     }
@@ -497,7 +496,7 @@ class LibraryController {
     }
     req.library = library
     req.libraryItems = this.db.libraryItems.filter(li => {
-      return li.libraryId === library.id && req.user.checkCanAccessLibraryItemWithTags(li.media.tags)
+      return li.libraryId === library.id && req.user.checkCanAccessLibraryItem(li)
     })
     next()
   }

server/controllers/PodcastController.js

@@ -225,13 +225,8 @@ class PodcastController {
       return res.sendStatus(500)
     }
 
-    // Check user can access this library
-    if (!req.user.checkCanAccessLibrary(item.libraryId)) {
-      return res.sendStatus(403)
-    }
-
     // Check user can access this library item
-    if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
+    if (!req.user.checkCanAccessLibraryItem(item)) {
       return res.sendStatus(403)
     }
 

server/objects/user/User.js

@@ -51,11 +51,8 @@ class User {
   get canUpload() {
     return !!this.permissions.upload && this.isActive
   }
-  get canAccessAllLibraries() {
+  get canAccessExplicitContent() {
-    return !!this.permissions.accessAllLibraries && this.isActive
+    return !!this.permissions.accessExplicitContent && this.isActive
-  }
-  get canAccessAllTags() {
-    return !!this.permissions.accessAllTags && this.isActive
   }
   get hasPw() {
     return !!this.pash && !!this.pash.length
@@ -82,7 +79,8 @@ class User {
       delete: this.type === 'root',
       upload: this.type === 'root' || this.type === 'admin',
       accessAllLibraries: true,
-      accessAllTags: true
+      accessAllTags: true,
+      accessExplicitContent: true
     }
   }
 
@@ -176,6 +174,8 @@ class User {
     if (this.permissions.accessAllLibraries === undefined) this.permissions.accessAllLibraries = true
     // Library restriction permissions added v2.0, defaults to all libraries
     if (this.permissions.accessAllTags === undefined) this.permissions.accessAllTags = true
+    // Explicit content restriction permission added v2.0.18
+    if (this.permissions.accessExplicitContent === undefined) this.permissions.accessExplicitContent = true
 
     this.librariesAccessible = [...(user.librariesAccessible || [])]
     this.itemTagsAccessible = [...(user.itemTagsAccessible || [])]
@@ -343,6 +343,7 @@ class User {
 
   checkCanAccessLibraryItem(libraryItem) {
     if (!this.checkCanAccessLibrary(libraryItem.libraryId)) return false
+    if (libraryItem.media.metadata.explicit && !this.canAccessExplicitContent) return false
     return this.checkCanAccessLibraryItemWithTags(libraryItem.media.tags)
   }