groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-05-12 22:41:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
audiobookshelf/test/server/controllers/LibraryItemController.canStream.test.js
zriddle 464b720d9e Add canStream user permission to control streaming access 
Adds a per-user "Can Stream" permission mirroring the existing "Can Download"
pattern. Server admins can now disable streaming for specific users, encouraging
local downloads instead. Addresses #2572.

Changes:
- User model: stream permission in mapping, defaults, and getter
- ApiKey model: stream permission in defaults
- Controller: 403 enforcement on playback session creation endpoints
- Frontend: permission toggle in admin UI, play button gated by canStream,
  download button shown when streaming disabled, message when neither allowed
- Tests: 11 Mocha tests (model + controller), 1 Cypress test (card UI)
- Localization: English strings for toggle label and fallback message

The getter uses !== false (rather than !!) so existing users without the
stream key in their permissions JSON default to allowed on upgrade.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 14:12:08 -06:00

101 lines
3 KiB
JavaScript
Raw Blame History

const { expect } = require('chai')
const sinon = require('sinon')
const LibraryItemController = require('../../../server/controllers/LibraryItemController')
const Logger = require('../../../server/Logger')
describe('LibraryItemController - canStream enforcement', () => {
beforeEach(() => {
sinon.stub(Logger, 'warn')
sinon.stub(Logger, 'error')
})
afterEach(() => {
sinon.restore()
})
describe('startPlaybackSession', () => {
it('should return 403 when user cannot stream', () => {
const req = {
user: { canStream: false, username: 'testuser' },
libraryItem: { hasAudioTracks: true, id: 'li_test' }
}
const res = { sendStatus: sinon.spy() }
LibraryItemController.startPlaybackSession.call({}, req, res)
expect(res.sendStatus.calledWith(403)).to.be.true
expect(Logger.warn.calledOnce).to.be.true
expect(Logger.warn.firstCall.args[0]).to.include('testuser')
})
it('should not block when user can stream', () => {
const startSessionRequest = sinon.spy()
const req = {
user: { canStream: true },
libraryItem: { hasAudioTracks: true, id: 'li_test' }
}
const res = { sendStatus: sinon.spy() }
LibraryItemController.startPlaybackSession.call(
{ playbackSessionManager: { startSessionRequest } },
req,
res
)
expect(res.sendStatus.called).to.be.false
expect(startSessionRequest.calledOnce).to.be.true
})
it('should return 404 when item has no audio tracks', () => {
const req = {
user: { canStream: true },
libraryItem: { hasAudioTracks: false, id: 'li_test' }
}
const res = { sendStatus: sinon.spy() }
LibraryItemController.startPlaybackSession.call({}, req, res)
expect(res.sendStatus.calledWith(404)).to.be.true
})
})
describe('startEpisodePlaybackSession', () => {
it('should return 403 when user cannot stream', () => {
const req = {
user: { canStream: false, username: 'testuser' },
libraryItem: { isPodcast: true, id: 'li_test' },
params: { episodeId: 'ep_1' }
}
const res = { sendStatus: sinon.spy() }
LibraryItemController.startEpisodePlaybackSession.call({}, req, res)
expect(res.sendStatus.calledWith(403)).to.be.true
expect(Logger.warn.calledOnce).to.be.true
})
it('should not block when user can stream', () => {
const startSessionRequest = sinon.spy()
const req = {
user: { canStream: true },
libraryItem: {
isPodcast: true,
id: 'li_test',
media: { podcastEpisodes: [{ id: 'ep_1' }] }
},
params: { episodeId: 'ep_1' }
}
const res = { sendStatus: sinon.spy() }
LibraryItemController.startEpisodePlaybackSession.call(
{ playbackSessionManager: { startSessionRequest } },
req,
res
)
expect(res.sendStatus.called).to.be.false
expect(startSessionRequest.calledOnce).to.be.true
})
})
})
Reference in a new issue View git blame Copy permalink