Update:Authors page check user can access library items and can edit

2024-12-28 09:38:56 +01:00 · 2022-05-08 18:48:57 -05:00 · 2022-05-08 18:48:57 -05:00 · 7f27eabf3e
commit 7f27eabf3e
parent 4f7588c87d
4 changed files with 11 additions and 7 deletions
--- a/client/pages/author/_id.vue
+++ b/client/pages/author/_id.vue
@ -11,7 +11,7 @@
          <div class="flex items-center mb-8">
            <h1 class="text-2xl">{{ author.name }}</h1>

-            <button class="w-8 h-8 rounded-full flex items-center justify-center mx-4 cursor-pointer text-gray-300 hover:text-warning transform hover:scale-125 duration-100" @click="editAuthor">
+            <button v-if="userCanUpdate" class="w-8 h-8 rounded-full flex items-center justify-center mx-4 cursor-pointer text-gray-300 hover:text-warning transform hover:scale-125 duration-100" @click="editAuthor">
              <span class="material-icons text-base">edit</span>
            </button>
          </div>
@ -68,6 +68,9 @@ export default {
    },
    authorSeries() {
      return this.author.series || []
+    },
+    userCanUpdate() {
+      return this.$store.getters['user/getUserCanUpdate']
    }
  },
  methods: {
--- a/server/controllers/AuthorController.js
+++ b/server/controllers/AuthorController.js
@ -16,6 +16,7 @@ class AuthorController {
    // Used on author landing page to include library items and items grouped in series
    if (include.includes('items')) {
      authorJson.libraryItems = this.db.libraryItems.filter(li => {
+        if (!req.user.checkCanAccessLibraryItem(li)) return false // filter out library items user cannot access
        return li.media.metadata.hasAuthor && li.media.metadata.hasAuthor(req.author.id)
      })

--- a/server/controllers/LibraryItemController.js
+++ b/server/controllers/LibraryItemController.js
@ -379,13 +379,8 @@ class LibraryItemController {
    var item = this.db.libraryItems.find(li => li.id === req.params.id)
    if (!item || !item.media) return res.sendStatus(404)

-    // Check user can access this library
-    if (!req.user.checkCanAccessLibrary(item.libraryId)) {
-      return res.sendStatus(403)
-    }
-
    // Check user can access this library item
-    if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) {
+    if (!req.user.checkCanAccessLibraryItem(item)) {
      return res.sendStatus(403)
    }

--- a/server/objects/user/User.js
+++ b/server/objects/user/User.js
@ -341,6 +341,11 @@ class User {
    return this.itemTagsAccessible.some(tag => tags.includes(tag))
  }

+  checkCanAccessLibraryItem(libraryItem) {
+    if (!this.checkCanAccessLibrary(libraryItem.libraryId)) return false
+    return this.checkCanAccessLibraryItemWithTags(libraryItem.media.tags)
+  }
+
  findBookmark(libraryItemId, time) {
    return this.bookmarks.find(bm => bm.libraryItemId === libraryItemId && bm.time == time)
  }