starred/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-06-07 11:12:45 +02:00
Code Issues 1.0k Packages Projects Releases 10 Wiki Activity

Update:Authors page check user can access library items and can edit

Browse Source
This commit is contained in:
advplyr
2022-05-08 18:48:57 -05:00
parent 4f7588c87d
commit 7f27eabf3e
4 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/controllers/AuthorController.js
+1
View File
@@ -16,6 +16,7 @@ class AuthorController {
// Used on author landing page to include library items and items grouped in series
if (include.includes('items')) {
authorJson.libraryItems = this.db.libraryItems.filter(li => {
if (!req.user.checkCanAccessLibraryItem(li)) return false // filter out library items user cannot access
return li.media.metadata.hasAuthor && li.media.metadata.hasAuthor(req.author.id)
})
server/controllers/LibraryItemController.js
+1 -6
View File
@@ -379,13 +379,8 @@ class LibraryItemController {
var item = this.db.libraryItems.find(li => li.id === req.params.id)
if (!item || !item.media) return res.sendStatus(404)
// Check user can access this library
if (!req.user.checkCanAccessLibrary(item.libraryId)) {
return res.sendStatus(403)
}
// Check user can access this library item
if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
if (!req.user.checkCanAccessLibraryItem(item)) {
return res.sendStatus(403)
}