mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2025-01-17 00:08:55 +01:00
Update:Authors page check user can access library items and can edit
This commit is contained in:
parent
4f7588c87d
commit
7f27eabf3e
@ -11,7 +11,7 @@
|
|||||||
<div class="flex items-center mb-8">
|
<div class="flex items-center mb-8">
|
||||||
<h1 class="text-2xl">{{ author.name }}</h1>
|
<h1 class="text-2xl">{{ author.name }}</h1>
|
||||||
|
|
||||||
<button class="w-8 h-8 rounded-full flex items-center justify-center mx-4 cursor-pointer text-gray-300 hover:text-warning transform hover:scale-125 duration-100" @click="editAuthor">
|
<button v-if="userCanUpdate" class="w-8 h-8 rounded-full flex items-center justify-center mx-4 cursor-pointer text-gray-300 hover:text-warning transform hover:scale-125 duration-100" @click="editAuthor">
|
||||||
<span class="material-icons text-base">edit</span>
|
<span class="material-icons text-base">edit</span>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
@ -68,6 +68,9 @@ export default {
|
|||||||
},
|
},
|
||||||
authorSeries() {
|
authorSeries() {
|
||||||
return this.author.series || []
|
return this.author.series || []
|
||||||
|
},
|
||||||
|
userCanUpdate() {
|
||||||
|
return this.$store.getters['user/getUserCanUpdate']
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
methods: {
|
methods: {
|
||||||
|
@ -16,6 +16,7 @@ class AuthorController {
|
|||||||
// Used on author landing page to include library items and items grouped in series
|
// Used on author landing page to include library items and items grouped in series
|
||||||
if (include.includes('items')) {
|
if (include.includes('items')) {
|
||||||
authorJson.libraryItems = this.db.libraryItems.filter(li => {
|
authorJson.libraryItems = this.db.libraryItems.filter(li => {
|
||||||
|
if (!req.user.checkCanAccessLibraryItem(li)) return false // filter out library items user cannot access
|
||||||
return li.media.metadata.hasAuthor && li.media.metadata.hasAuthor(req.author.id)
|
return li.media.metadata.hasAuthor && li.media.metadata.hasAuthor(req.author.id)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -379,13 +379,8 @@ class LibraryItemController {
|
|||||||
var item = this.db.libraryItems.find(li => li.id === req.params.id)
|
var item = this.db.libraryItems.find(li => li.id === req.params.id)
|
||||||
if (!item || !item.media) return res.sendStatus(404)
|
if (!item || !item.media) return res.sendStatus(404)
|
||||||
|
|
||||||
// Check user can access this library
|
|
||||||
if (!req.user.checkCanAccessLibrary(item.libraryId)) {
|
|
||||||
return res.sendStatus(403)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check user can access this library item
|
// Check user can access this library item
|
||||||
if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
|
if (!req.user.checkCanAccessLibraryItem(item)) {
|
||||||
return res.sendStatus(403)
|
return res.sendStatus(403)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -341,6 +341,11 @@ class User {
|
|||||||
return this.itemTagsAccessible.some(tag => tags.includes(tag))
|
return this.itemTagsAccessible.some(tag => tags.includes(tag))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
checkCanAccessLibraryItem(libraryItem) {
|
||||||
|
if (!this.checkCanAccessLibrary(libraryItem.libraryId)) return false
|
||||||
|
return this.checkCanAccessLibraryItemWithTags(libraryItem.media.tags)
|
||||||
|
}
|
||||||
|
|
||||||
findBookmark(libraryItemId, time) {
|
findBookmark(libraryItemId, time) {
|
||||||
return this.bookmarks.find(bm => bm.libraryItemId === libraryItemId && bm.time == time)
|
return this.bookmarks.find(bm => bm.libraryItemId === libraryItemId && bm.time == time)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user