diff --git a/server/controllers/CollectionController.js b/server/controllers/CollectionController.js
index bb00ea346..1476b0f81 100644
--- a/server/controllers/CollectionController.js
+++ b/server/controllers/CollectionController.js
@@ -41,10 +41,6 @@ class CollectionController {
 if (reqBody.description && typeof reqBody.description !== 'string') {
 return res.status(400).send('Invalid collection description')
 }
- if (!req.user.checkCanAccessLibrary(reqBody.libraryId)) {
- Logger.warn(`[CollectionController] User "${req.user.username}" attempted to create collection in inaccessible library ${reqBody.libraryId}`)
- return res.sendStatus(403)
- }
 const libraryItemIds = (reqBody.books || []).filter((b) => !!b && typeof b == 'string')
 if (!libraryItemIds.length) {
 return res.status(400).send('Invalid collection data. No books')
@@ -113,9 +109,8 @@ class CollectionController {
 */
 async findAll(req, res) {
 const collectionsExpanded = await Database.collectionModel.getOldCollectionsJsonExpanded(req.user)
- const accessibleCollections = collectionsExpanded.filter((c) => req.user.checkCanAccessLibrary(c.libraryId))
 res.json({
- collections: accessibleCollections
+ collections: collectionsExpanded
 })
 }
@@ -436,10 +431,6 @@ class CollectionController {
 if (!collection) {
 return res.status(404).send('Collection not found')
 }
- if (!req.user.checkCanAccessLibrary(collection.libraryId)) {
- Logger.warn(`[CollectionController] User "${req.user.username}" attempted to access collection ${collection.id} in inaccessible library ${collection.libraryId}`)
- return res.status(404).send('Collection not found')
- }
 req.collection = collection
 }
diff --git a/server/controllers/PlaylistController.js b/server/controllers/PlaylistController.js
index 6ad7cff9e..bc1a7a455 100644
--- a/server/controllers/PlaylistController.js
+++ b/server/controllers/PlaylistController.js
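Review bot: `findAll` now returns `collectionsExpanded` as-is, so with the `req.user.checkCanAccessLibrary(c.libraryId)` filter gone, library-level access control rests entirely on whatever `getOldCollectionsJsonExpanded(req.user)` enforces internally, which this diff does not show. The same guard is dropped from the create path (hunk at -41) and from the by-id lookup that sets `req.collection` (hunk at -436), together with the `Logger.warn` lines that recorded denied attempts. Unless the model layer provably applies the same restriction, this is an access-control regression: keep `const accessibleCollections = collectionsExpanded.filter((c) => req.user.checkCanAccessLibrary(c.libraryId))` and the two guards, or add a comment such as `// library access is enforced in <model method>` and a test using a user limited to a subset of libraries. The enclosing methods start and end outside these hunks.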
@@ -37,10 +37,6 @@ class PlaylistController {
 if (reqBody.description && typeof reqBody.description !== 'string') {
 return res.status(400).send('Invalid playlist description')
 }
- if (!req.user.checkCanAccessLibrary(reqBody.libraryId)) {
- Logger.warn(`[PlaylistController] User "${req.user.username}" attempted to create playlist in inaccessible library ${reqBody.libraryId}`)
- return res.sendStatus(403)
- }
 const items = reqBody.items || []
 const isPodcast = items.some((i) => i.episodeId)
 const libraryItemIds = new Set()
@@ -137,9 +133,8 @@ class PlaylistController {
 */
 async findAllForUser(req, res) {
 const playlistsForUser = await Database.playlistModel.getOldPlaylistsForUserAndLibrary(req.user.id)
- const accessiblePlaylists = playlistsForUser.filter((p) => req.user.checkCanAccessLibrary(p.libraryId))
 res.json({
- playlists: accessiblePlaylists
+ playlists: playlistsForUser
 })
 }
@@ -513,10 +508,6 @@ class PlaylistController {
 if (!collection) {
 return res.status(404).send('Collection not found')
 }
- if (!req.user.checkCanAccessLibrary(collection.libraryId)) {
- Logger.warn(`[PlaylistController] User "${req.user.username}" attempted to create playlist from collection ${collection.id} in inaccessible library ${collection.libraryId}`)
- return res.status(404).send('Collection not found')
- }
 // Expand collection to get library items
 const collectionExpanded = await collection.getOldJsonExpanded(req.user)
 if (!collectionExpanded) {
@@ -582,10 +573,6 @@ class PlaylistController {
 Logger.warn(`[PlaylistController] Playlist ${req.params.id} requested by user ${req.user.id} that is not the owner`)
 return res.sendStatus(403)
 }
- if (!req.user.checkCanAccessLibrary(playlist.libraryId)) {
- Logger.warn(`[PlaylistController] User "${req.user.username}" attempted to access playlist ${playlist.id} in inaccessible library ${playlist.libraryId}`)
- return res.status(404).send('Playlist not found')
- }
 req.playlist = playlist
 }
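Review bot: In `findAllForUser` the model call `getOldPlaylistsForUserAndLibrary(req.user.id)` is given only the user id, so once the `checkCanAccessLibrary(p.libraryId)` filter is removed nothing visible here limits the response to libraries the user can still access. The by-id lookup (hunk at -582) is left with only the ownership check, so an owner whose library access was later revoked would presumably still get the playlist, and the create (-37) and create-from-collection (-513) paths no longer reject an inaccessible library before doing work. I would restore `const accessiblePlaylists = playlistsForUser.filter((p) => req.user.checkCanAccessLibrary(p.libraryId))` with `playlists: accessiblePlaylists`, and keep the 404/403 guards and their `Logger.warn` calls in the other three hunks. All four enclosing methods extend beyond the hunks shown, so a later check outside view cannot be ruled out.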