Update:Authors page check user can access library items and can edit

This commit is contained in:
advplyr 2022-05-08 18:48:57 -05:00
parent 4f7588c87d
commit 7f27eabf3e
4 changed files with 11 additions and 7 deletions

View File

@ -11,7 +11,7 @@
<div class="flex items-center mb-8"> <div class="flex items-center mb-8">
<h1 class="text-2xl">{{ author.name }}</h1> <h1 class="text-2xl">{{ author.name }}</h1>
<button class="w-8 h-8 rounded-full flex items-center justify-center mx-4 cursor-pointer text-gray-300 hover:text-warning transform hover:scale-125 duration-100" @click="editAuthor"> <button v-if="userCanUpdate" class="w-8 h-8 rounded-full flex items-center justify-center mx-4 cursor-pointer text-gray-300 hover:text-warning transform hover:scale-125 duration-100" @click="editAuthor">
<span class="material-icons text-base">edit</span> <span class="material-icons text-base">edit</span>
</button> </button>
</div> </div>
@ -68,6 +68,9 @@ export default {
}, },
authorSeries() { authorSeries() {
return this.author.series || [] return this.author.series || []
},
userCanUpdate() {
return this.$store.getters['user/getUserCanUpdate']
} }
}, },
methods: { methods: {

View File

@ -16,6 +16,7 @@ class AuthorController {
// Used on author landing page to include library items and items grouped in series // Used on author landing page to include library items and items grouped in series
if (include.includes('items')) { if (include.includes('items')) {
authorJson.libraryItems = this.db.libraryItems.filter(li => { authorJson.libraryItems = this.db.libraryItems.filter(li => {
if (!req.user.checkCanAccessLibraryItem(li)) return false // filter out library items user cannot access
return li.media.metadata.hasAuthor && li.media.metadata.hasAuthor(req.author.id) return li.media.metadata.hasAuthor && li.media.metadata.hasAuthor(req.author.id)
}) })

View File

@ -379,13 +379,8 @@ class LibraryItemController {
var item = this.db.libraryItems.find(li => li.id === req.params.id) var item = this.db.libraryItems.find(li => li.id === req.params.id)
if (!item || !item.media) return res.sendStatus(404) if (!item || !item.media) return res.sendStatus(404)
// Check user can access this library
if (!req.user.checkCanAccessLibrary(item.libraryId)) {
return res.sendStatus(403)
}
// Check user can access this library item // Check user can access this library item
if (!req.user.checkCanAccessLibraryItemWithTags(item.media.tags)) { if (!req.user.checkCanAccessLibraryItem(item)) {
return res.sendStatus(403) return res.sendStatus(403)
} }

View File

@ -341,6 +341,11 @@ class User {
return this.itemTagsAccessible.some(tag => tags.includes(tag)) return this.itemTagsAccessible.some(tag => tags.includes(tag))
} }
checkCanAccessLibraryItem(libraryItem) {
if (!this.checkCanAccessLibrary(libraryItem.libraryId)) return false
return this.checkCanAccessLibraryItemWithTags(libraryItem.media.tags)
}
findBookmark(libraryItemId, time) { findBookmark(libraryItemId, time) {
return this.bookmarks.find(bm => bm.libraryItemId === libraryItemId && bm.time == time) return this.bookmarks.find(bm => bm.libraryItemId === libraryItemId && bm.time == time)
} }