Adds a per-user "Can Stream" permission mirroring the existing "Can Download"
pattern. Server admins can now disable streaming for specific users, encouraging
local downloads instead. Addresses #2572.
Changes:
- User model: stream permission in mapping, defaults, and getter
- ApiKey model: stream permission in defaults
- Controller: 403 enforcement on playback session creation endpoints
- Frontend: permission toggle in admin UI, play button gated by canStream,
download button shown when streaming disabled, message when neither allowed
- Tests: 11 Mocha tests (model + controller), 1 Cypress test (card UI)
- Localization: English strings for toggle label and fallback message
The getter uses !== false (rather than !!) so existing users without the
stream key in their permissions JSON default to allowed on upgrade.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* add create eReader permission toggle
* add english label for create EReader permission
* add ereader table to account with user specific modal
* add createEreader permission
* create api endpoint and logic for updating user eReader devices
* add translated label for createEreader permission
* handle name duplicates and remove helper func
* toast for duplicate name error caught on server
* restrict user ereader updates to devices with sole ownership
* remove label
* fix other devices logic and client socket emitter
* fix for deleting ereaders
* User create ereader endpoint validate accessibility
---------
Co-authored-by: advplyr <advplyr@protonmail.com>
This patch should fix most of the problems for users trying to access
the user settings via screen reader. It makes sure user interface
elements can be reached via keyboard and provides proper labels, roles
and values so you not only can interact with elements but also know what
you are actually changing.
While not focused on other views, this should also already fix a number
of accessibility issues with other settings pages.
