Add:Restrict user permissions by tag

2025-12-19 02:09:37 +00:00 · 2022-03-20 06:29:08 -05:00 · 2022-03-20 06:29:08 -05:00 · 27f1bd90f9
commit 27f1bd90f9
parent f8d0384155
6 changed files with 114 additions and 11 deletions
--- a/server/controllers/LibraryController.js
+++ b/server/controllers/LibraryController.js
@ -233,7 +233,9 @@ class LibraryController {
    if (!req.params.series) {
      return res.status(403).send('Invalid series')
    }
-    var libraryItems = this.db.libraryItems.filter(li => li.libraryId === req.library.id && li.book.series === req.params.series)
+    var libraryItems = this.db.libraryItems.filter(li => {
+      return li.libraryId === req.library.id && li.book.series === req.params.series
+    })
    if (!libraryItems.length) {
      return res.status(404).send('Series not found')
    }
@ -530,7 +532,9 @@ class LibraryController {
      return res.status(404).send('Library not found')
    }
    req.library = library
-    req.libraryItems = this.db.libraryItems.filter(li => li.libraryId === library.id)
+    req.libraryItems = this.db.libraryItems.filter(li => {
+      return li.libraryId === library.id && req.user.checkCanAccessLibraryItemWithTags(li.media.tags)
+    })
    next()
  }
 }
--- a/server/controllers/LibraryItemController.js
+++ b/server/controllers/LibraryItemController.js
@ -262,6 +262,11 @@ class LibraryItemController {
      return res.sendStatus(403)
    }

+    // Check user can access this library item
+    if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
+      return res.sendStatus(403)
+    }
+
    if (req.method == 'DELETE' && !req.user.canDelete) {
      Logger.warn(`[LibraryItemController] User attempted to delete without permission`, req.user)
      return res.sendStatus(403)
--- a/server/controllers/MiscController.js
+++ b/server/controllers/MiscController.js
@ -170,5 +170,21 @@ class MiscController {
    }
    res.json({ user: req.user })
  }
+
+  getAllTags(req, res) {
+    if (!req.user.isRoot) {
+      Logger.error(`[MiscController] Non-root user attempted to getAllTags`)
+      return res.sendStatus(404)
+    }
+    var tags = []
+    this.db.libraryItems.forEach((li) => {
+      if (li.media.tags && li.media.tags.length) {
+        li.media.tags.forEach((tag) => {
+          if (!tags.includes(tag)) tags.push(tag)
+        })
+      }
+    })
+    res.json(tags)
+  }
 }
 module.exports = new MiscController()