mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2026-07-07 09:51:37 +00:00
Compare commits
2 commits
5b2a788cfc
...
9ab35ef418
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9ab35ef418 | ||
|
|
79cc9765cf |
2 changed files with 24 additions and 2 deletions
|
|
@ -41,6 +41,10 @@ class CollectionController {
|
||||||
if (reqBody.description && typeof reqBody.description !== 'string') {
|
if (reqBody.description && typeof reqBody.description !== 'string') {
|
||||||
return res.status(400).send('Invalid collection description')
|
return res.status(400).send('Invalid collection description')
|
||||||
}
|
}
|
||||||
|
if (!req.user.checkCanAccessLibrary(reqBody.libraryId)) {
|
||||||
|
Logger.warn(`[CollectionController] User "${req.user.username}" attempted to create collection in inaccessible library ${reqBody.libraryId}`)
|
||||||
|
return res.sendStatus(403)
|
||||||
|
}
|
||||||
const libraryItemIds = (reqBody.books || []).filter((b) => !!b && typeof b == 'string')
|
const libraryItemIds = (reqBody.books || []).filter((b) => !!b && typeof b == 'string')
|
||||||
if (!libraryItemIds.length) {
|
if (!libraryItemIds.length) {
|
||||||
return res.status(400).send('Invalid collection data. No books')
|
return res.status(400).send('Invalid collection data. No books')
|
||||||
|
|
@ -109,8 +113,9 @@ class CollectionController {
|
||||||
*/
|
*/
|
||||||
async findAll(req, res) {
|
async findAll(req, res) {
|
||||||
const collectionsExpanded = await Database.collectionModel.getOldCollectionsJsonExpanded(req.user)
|
const collectionsExpanded = await Database.collectionModel.getOldCollectionsJsonExpanded(req.user)
|
||||||
|
const accessibleCollections = collectionsExpanded.filter((c) => req.user.checkCanAccessLibrary(c.libraryId))
|
||||||
res.json({
|
res.json({
|
||||||
collections: collectionsExpanded
|
collections: accessibleCollections
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -431,6 +436,10 @@ class CollectionController {
|
||||||
if (!collection) {
|
if (!collection) {
|
||||||
return res.status(404).send('Collection not found')
|
return res.status(404).send('Collection not found')
|
||||||
}
|
}
|
||||||
|
if (!req.user.checkCanAccessLibrary(collection.libraryId)) {
|
||||||
|
Logger.warn(`[CollectionController] User "${req.user.username}" attempted to access collection ${collection.id} in inaccessible library ${collection.libraryId}`)
|
||||||
|
return res.status(404).send('Collection not found')
|
||||||
|
}
|
||||||
req.collection = collection
|
req.collection = collection
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,10 @@ class PlaylistController {
|
||||||
if (reqBody.description && typeof reqBody.description !== 'string') {
|
if (reqBody.description && typeof reqBody.description !== 'string') {
|
||||||
return res.status(400).send('Invalid playlist description')
|
return res.status(400).send('Invalid playlist description')
|
||||||
}
|
}
|
||||||
|
if (!req.user.checkCanAccessLibrary(reqBody.libraryId)) {
|
||||||
|
Logger.warn(`[PlaylistController] User "${req.user.username}" attempted to create playlist in inaccessible library ${reqBody.libraryId}`)
|
||||||
|
return res.sendStatus(403)
|
||||||
|
}
|
||||||
const items = reqBody.items || []
|
const items = reqBody.items || []
|
||||||
const isPodcast = items.some((i) => i.episodeId)
|
const isPodcast = items.some((i) => i.episodeId)
|
||||||
const libraryItemIds = new Set()
|
const libraryItemIds = new Set()
|
||||||
|
|
@ -133,8 +137,9 @@ class PlaylistController {
|
||||||
*/
|
*/
|
||||||
async findAllForUser(req, res) {
|
async findAllForUser(req, res) {
|
||||||
const playlistsForUser = await Database.playlistModel.getOldPlaylistsForUserAndLibrary(req.user.id)
|
const playlistsForUser = await Database.playlistModel.getOldPlaylistsForUserAndLibrary(req.user.id)
|
||||||
|
const accessiblePlaylists = playlistsForUser.filter((p) => req.user.checkCanAccessLibrary(p.libraryId))
|
||||||
res.json({
|
res.json({
|
||||||
playlists: playlistsForUser
|
playlists: accessiblePlaylists
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -508,6 +513,10 @@ class PlaylistController {
|
||||||
if (!collection) {
|
if (!collection) {
|
||||||
return res.status(404).send('Collection not found')
|
return res.status(404).send('Collection not found')
|
||||||
}
|
}
|
||||||
|
if (!req.user.checkCanAccessLibrary(collection.libraryId)) {
|
||||||
|
Logger.warn(`[PlaylistController] User "${req.user.username}" attempted to create playlist from collection ${collection.id} in inaccessible library ${collection.libraryId}`)
|
||||||
|
return res.status(404).send('Collection not found')
|
||||||
|
}
|
||||||
// Expand collection to get library items
|
// Expand collection to get library items
|
||||||
const collectionExpanded = await collection.getOldJsonExpanded(req.user)
|
const collectionExpanded = await collection.getOldJsonExpanded(req.user)
|
||||||
if (!collectionExpanded) {
|
if (!collectionExpanded) {
|
||||||
|
|
@ -573,6 +582,10 @@ class PlaylistController {
|
||||||
Logger.warn(`[PlaylistController] Playlist ${req.params.id} requested by user ${req.user.id} that is not the owner`)
|
Logger.warn(`[PlaylistController] Playlist ${req.params.id} requested by user ${req.user.id} that is not the owner`)
|
||||||
return res.sendStatus(403)
|
return res.sendStatus(403)
|
||||||
}
|
}
|
||||||
|
if (!req.user.checkCanAccessLibrary(playlist.libraryId)) {
|
||||||
|
Logger.warn(`[PlaylistController] User "${req.user.username}" attempted to access playlist ${playlist.id} in inaccessible library ${playlist.libraryId}`)
|
||||||
|
return res.status(404).send('Playlist not found')
|
||||||
|
}
|
||||||
req.playlist = playlist
|
req.playlist = playlist
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue